All appropriate measures shall be taken to ensure that inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without a delay.

The processing of data must take place in a manner that ensures its security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage.

Security measures should be in place from the moment data are collected until they are deleted.

Data must be collected for specified, explicit and legitimate purposes and may not be further processed in a manner incompatible with those purposes.