"GDPR Says Yes"

Lawfulness, fairness, and transparency: Personal data must be processed in a way that is lawful, fair, and transparent.

Purpose limitation: Personal data must be collected for specific, legitimate purposes and not used in a way that is incompatible with those purposes.

Data minimization: Personal data must be limited to what is necessary and not collected on the chance that it might be useful in the future.

Accuracy: Personal data must be accurate and kept up to date where necessary.

Storage limitation: Personal data must be kept for no longer than is necessary.

Integrity and confidentiality (security): Personal data must be handled in a way that ensures appropriate security.

Accountability: Organizations must be accountable for how they process personal data.