Article 24: Principles of Personal Data Processing

Article 24.01

(1) A data controller or data processor shall ensure that personal data is — (a) processed in a fair, lawful and transparent manner; (b) collected for specified, explicit, and legitimate purposes, and not to be further processed in a way incompatible w...

Article 24.02

A data controller and data processor shall use appropriate technical and organisational measures to ensure confidentiality, integrity, and availability of personal data.

Article 24.03

Notwithstanding anything to the contrary in this Act or any other law, a data controller or data processor owes a duty of care, in respect of data processing, and shall demonstrate accountability, in respect of the principles contained in this Act.

Article 24.04

For the purposes of subsection (1) (b) — (a) compatibility of further processing shall be assessed considering — (i) the relationship between the original purpose and the purpose of the intended further processing, (ii) the nature of the per...