5. Data Protection Principles
5.1. When using Personal Data, Data Protection Laws require that the College complies with the following principles. These principles require Personal Data to be:
5.1.1. processed lawfully, fairly and in a transparent manner;
5.1.2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
5.1.3. adequate, relevant and limited to what is necessary for the purposes for which it is being processed;
5.1.4. accurate and kept up to date, meaning that every reasonable step must be taken to ensure that Personal Data that is inaccurate is erased or rectified as soon as possible;
5.1.5. kept for no longer than is necessary for the purposes for which it is being processed; and
5.1.6. processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
5.2. These principles are considered in more detail in the remainder of this Policy.
5.3. In addition to complying with the above requirements the College also has to demonstrate in writing that it complies with them. The College has a number of policies and procedures in place, including this Policy and the documentation referred to in it, to ensure that the College can demonstrate its compliance.