Personal Data Processing Principles

LYIT has established the following high-level principles relating to Data Protection in order to comply with GDPR requirements:

  • Personal Data shall only be Processed fairly, lawfully and in a transparent manner (Principles of Lawfulness, Fairness and Transparency);
  • Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further Processed in any manner incompatible with those purposes (Principle of Purpose Limitation);
  • Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (Principle of Data Minimisation);
  • Personal Data shall be accurate, and where necessary kept up to date (Principle of Accuracy);
  • Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are Processed  (Principle of Data Storage Limitation);
  • Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to;
  • prevent and / or identify unauthorised or unlawful access to, or processing of, Personal Data; and 
  • prevent accidental loss or destruction of, or damage to, Personal Data (Principles of Integrity and Confidentiality).