Principle 2: Purpose limitation

The second principle requires that we should only process personal data once we have identified and recorded our purpose for processing, i.e. we are clear about the reasons for which we are processing the data.

Also, if we plan to process data for a new purpose, we can only do so if it is compatible with the original purpose, we get consent, or we have a clear obligation under the law.

Introduction to the UK GDPR

Principle 2: Purpose limitation