Bud P. Bruegger (ULD)
|Acknowledgements: The author thankfully acknowledges the contribution by Iñigo de Miguel Beriain (UPV/EHU) who wrote an analysis of this principle as input to the here presented description.|
The following discusses the principle of purpose limitation that is defined in Art. 5(1)(b) GDPR.
Purpose limitation at a glance:
Data that was collected for specified “initial” purposes shall only be further processed:
For the general case, the GDPR gives criteria for how to determine the compatibility of purposes (see Art. 6(4)). In addition, some purposes are preapproved as compatible by the GDPR (see Art. 5(1)(b)) as long as appropriate safeguards are implemented (see Art. 89). Namely, these are: