31. The elements necessary to implement the principle of purpose limitation include—
(a) specifying the purpose for each processing of personal data;
(b) determining the legitimate purposes for the processing of personal data before designing organisational measures and safeguards;
(c) the purpose for the processing being the determinant for personal data collected;
(d) ensuring a new purpose is compatible with the original purpose for which the data was collected;
(e) regularly reviewing whether the processing is necessary for the purposes for which the data was collected and test the design against purpose limitation; and
(f) the use of technical measures, including hashing and cryptography, to limit the possibility of repurposing personal data.