Karmarvanna

Everyone responsible for using personal data
has the to follow strict rules,

'data protection principles'
They must make sure the information is

used fairly,lawfully and transparently
used for specified,explicit purposes
used in a way that is adequate,relevant and limited to only what is necessary
accurate and,where necessary,kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security,including protection against unlawful or unauthorised processing,access.loss,destruction or damage.

There is a stronger legal protection for more sensitive information,such as

race,ethnic background,political opinions,religious beliefs,trade union membership,genetics,biometrics (where used for identification) health,sex life or orientation

There is stronger legal protection for more sensitive information,such as criminal convictions and offences.