Data Protection Principle 3

 

thinks

 

  • Is the personal information you hold adequate, relevant and not excessive?
  • How do you know
  • Are your current processes and checks sufficient?
  • If required to demonstrate compliance, how would you do it?