UK GDPR Principles
Data subject rights
UK GDPR Compliance
Principle 2: Purpose limitation
The second principle requires that we should only process personal data once we have identified and recorded our purpose for processing, i.e. we are clear about the reasons for which we are processing the data.
Also, if we plan to process data for a new purpose, we can only do so if it is compatible with the original purpose, we get consent, or we have a clear obligation under the law.