There are seven key principles under GDPR as follows:

  1. Lawful fair and transparent processing.
  2. Purpose Limitation.
  3. Data minimisation.
  4. Accurate and up to date processing.
  5. Limitation of storage in the form that permits identification.
  6. Confidential and secure.
  7. Accountability and liability.