GDPR
CSU’s Compliance with the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Protection Act (CCPA)
Personal Data shall be:
- Processed (i.e. collected, handled, stored, backed up, made accessible, disclosed and destroyed) fairly, lawfully and transparently. An organization must have a ‘legal basis’ for processing an individual’s personal data (e.g. the individual has consented to the processing, or the processing is necessary to operate a contract with them, or the processing is necessary to fulfil a legal obligation).
- Processed only for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to only what is necessary or for which consent has been given.
- Accurate (and corrected if it becomes inaccurate).
- Not retained for longer than necessary – data retention periods.
- Processed securely.