Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

To comply with the principle of purpose limitation you must specify why you are collecting personal data and be very clear about what you will do with that data. It is important to make sure that the information you provide is accurate and that you only process the data in a way that is compatible.

This should be clearly set out in your privacy policy and individuals should be provided with easy access to the information via good navigation on your website and also by providing a link to the privacy policy page in email correspondence.
The GDPR Regulations state that “personal data must be collected for specified explicit and legitimate purposes and not be further processed in a manner that is incompatible with those purposes.”

Clearly setting out your purposes from the beginning will help you to meet the requirements for accountability and will help to build trust, plus it will also give the individual the opportunity to decide if they are happy for you to process their personal data. This is only possible if they are fully aware of what you intend to do with it.

If you are considering using data for a different purpose you will have to consider the relationship you have with the individual and whether they would expect you to use their data for this purpose. This is particularly important when it comes to sensitive data where you will also have to consider the potential consequences to the individual involved.

If you have any doubts it is advisable to gain specific consent from the individual before using or disclosing their data in any other way.