Purpose limitation
Purpose limitation requires that personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. Controllers must identify the purposes before collecting data and disclose them in the privacy notice. Any new purpose for using existing data must be assessed for compatibility with the original purpose, or a new lawful basis must be identified.
DPA reference
Data Protection Act 2020
Related terms in Obligations
Anti-money laundering
Legal obligations requiring firms to detect and report financial crime.
Conflict of interest
A situation where a professional's duty to one client may be compromised by duties to another party.
Data breach notification
The legal requirement to report personal data breaches to the OIC within 72 hours.
Data minimisation
The principle that personal data collected should be limited to what is necessary for the stated purpose.