An overview of the six Data Privacy Register principles
Be honest, open and transparent about how you collect personal information (both directly and indirectly), how you use it, who you may disclose it to and how you dispose of it.
Store personal information for the shortest time possible.
Collect, use and disclose personal information for a defined purpose only. Obtain consent from your customers and clients for that defined purpose. If you wish to use personal information for another purpose, seek permission to do so first.
Process personal information securely. Where appropriate, use pseudonymisation and encryption. Ensure the systems, services and the personal information you process within them are confidential, available and maintain integrity.
Limit personal information usage and disclose to customers the possible instances where their personal information will be shared. Where possible, use anonymous data. As yourself this question: "Is this collected data necessary, adequate and relevant for your intended purpose?"
Take all reasonable steps to ensure the personal information you hold is not incorrect or misleading. Allow users to update their data and make it simple for them to do so.