Every controller or processor shall ensure that personal data are –
(a) processed lawfully, fairly and in a transparent manner in relation to any data subject;
(b) collected for explicit, specified and legitimate purposes and not further processed in a manner incompatible with those purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data are erased or rectified without delay;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
(f) processed in accordance with the rights of data subjects.