http://www.legislation.gov.uk/id/ukpga/2018/12/enacted

PART 4Intelligence services processing

CHAPTER 2Principles

The data protection principles

87The second data protection principle

1

The second data protection principle is that—

a

the purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and

b

personal data so collected must not be processed in a manner that is incompatible with the purpose for which it is collected.

2

Paragraph (b) of the second data protection principle is subject to subsections (3) and (4).

3

Personal data collected by a controller for one purpose may be processed for any other purpose of the controller that collected the data or any purpose of another controller provided that—

a

the controller is authorised by law to process the data for that purpose, and

b

the processing is necessary and proportionate to that other purpose.

4

Processing of personal data is to be regarded as compatible with the purpose for which it is collected if the processing—

a

consists of—

i

processing for archiving purposes in the public interest,

ii

processing for the purposes of scientific or historical research, or

iii

processing for statistical purposes, and

b

is subject to appropriate safeguards for the rights and freedoms of the data subject.