GDPR

3. Further Information

3.2. Principles for the processing of personal data

Personal data must be

  1. processed lawfully, fairly and in a manner comprehensible to the data subject ("lawfulness, fair processing, transparency");
  2. collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing for archiving, scientific or historical research purposes in the public interest or for statistical purposes shall not be considered incompatible with the original purposes pursuant to Article 89(1) ("purpose limitation");
  3. adequate and relevant to the purpose and limited to what is necessary for the purposes of the processing ("data minimization");
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate in relation to the purposes of their processing are erased or rectified without delay ("accuracy");
  5. stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed; personal data may be stored for longer periods insofar as the personal data are processed solely for archiving purposes in the public interest or for scientific and historical research purposes or for statistical purposes as referred to in Article 89(1), subject to the implementation of appropriate technical and organizational measures required by this Regulation to protect the rights and freedoms of the data subject ("storage limitation");
  6. processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by appropriate technical and organizational measures ("integrity and confidentiality").

The controller is responsible for compliance and must be able to demonstrate compliance ("accountability").