When we process personal data, we must generally process the data responsibly and with due diligence.
- Lawfulness, fairness and transparency: When we process personal data, the processing must be lawful, fair and transparent. We must observe ‘good practice for data processing’ from the Danish Data Protection Agency.
- Limitation of purpose: When we process personal data, there must always be one or more objective and legitimate processing purpose(s). Furthermore, the processing of the personal data at a later time must not be in conflict with the original purpose(s).
- Data minimisation: When we process personal data, the data must be adequate, relevant and limited to the objective and legitimate purpose. We must only process personal data that is ‘need to know’ and not ‘nice to know’.
- Data quality: When we process personal data, it must be correct and up to date. In addition, incorrect personal data must be deleted or updated.
- Limitation of storage: We must only store personal data for as long as this is necessary. Personal data must be deleted or made anonymous when we no longer need to process it.
- Integrity and confidentiality: When we process personal data, we must ensure the necessary security measures (both technical and organisational).