There are seven key principles under GDPR as follows: Lawful fair and transparent processing. Purpose Limitation. Data minimisation. Accurate and up to date processing. Limitation of storage in the form that permits identification. Confidential and [...]

The keeping of data imposes an obligation on the Controller to keep the data safe, not to keep the data for longer than is necessary for that purpose and to ensure that the appropriate notifications [...]