31—Elements for principle of purpose limitation.

31. The elements necessary to implement the principle of purpose limitation include—
(a) specifying the purpose for each processing of personal data;
(b) determining the legitimate purposes for the processing of personal data before designing organisational measures and safeguards;
(c) the purpose for the processing being the determinant for personal data collected;

(d)  ensuring a new purpose is compatible with the original purpose for which the data was collected;

(e)  regularly reviewing whether the processing is necessary for the purposes for which the data was collected and test the design against purpose limitation; and

(f)  the use of technical measures, including hashing and cryptography, to limit the possibility of repurposing personal data.

 

206  PART V—ELEMENTS TO IMPLEMENT DATA PROTECTION BY DESIGN OR BY DEFAULT