As you will be aware, the law has changed with regard to the General Data Protection Regulation (GDPR), and will remain in place even after the UK leaves the EU in 2019. GDPR will condense the Data Protection Principles into six areas, which are referred to as the Privacy Principles.
1. You must have a lawful reason for collecting personal data and must do it in a fair and transparent way.
2. You must only use the data for the reason it is initially obtained.
3. You must not collect any more data than is necessary.
4. It has to be accurate and there must be mechanisms in place to keep it up to date.
5. You cannot keep it any longer than needed.
6. You must protect the personal data.
These privacy principles are supported by a further principle – accountability. We have updated our Privacy Notice to ensure we are GDPR compliant.