1. Member States shall provide for personal data to be:
(a) processed lawfully and fairly;
(b) collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes;
(c) adequate, relevant and not excessive in relation to the purposes for which they are processed;
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed;
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. Processing by the same or another con
…