The GDPR sets out six key principles. To ensure compliance the University must act in accordance with these principles. In brief, these are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage information
- Integrity and confidentiality (security)
In addition, the University must be able to demonstrate its compliance with the principles. This is referred to as the accountability principle.
See the ICO website to read the principles in full.