LYIT has established the following high-level principles relating to Data Protection in order to comply with GDPR requirements:
- Personal Data shall only be Processed fairly, lawfully and in a transparent manner (Principles of Lawfulness, Fairness and Transparency);
- Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further Processed in any manner incompatible with those purposes (Principle of Purpose Limitation);
- Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed (Principle of Data Minimisation);
- Personal Data shall be accurate, and where necessary kept up to date (Principle of Accuracy);
- Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are Processed (Principle of Data Storage Limitation);
- Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place to;
- prevent and / or identify unauthorised or unlawful access to, or processing of, Personal Data; and
- prevent accidental loss or destruction of, or damage to, Personal Data (Principles of Integrity and Confidentiality).