§ 32 BlnDSG
General Principles for the Processing of Personal Data
(1)Personal data must 1. be processed lawfully and fairly, 2. be collected for specified, explicit and legitimate purposes and must not be processed in a manner that is incompatible with those purposes, 3. be adequate, relevant and not excessive in relation to the purposes for which they are processed, 4. be accurate and, where necessary, kept up to date; all reasonable measures shall be taken to ensure that personal data that are inaccurate in light of the purposes of their processing are erased or rectified without delay, and 5. be processed in a manner that ensures appropriate security of the personal data; this includes protection, to be ensured by suitable technical and organisational measures, against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage.
(2)Personal data shall not be stored in a form which permits identification of data subjects for longer than is necessary for the purposes for which they are processed.
(3)The controller shall be responsible for and must be able to demonstrate compliance with paragraphs 1 and 2. This shall apply accordingly to the provisions of Section 34 and Section 35(1) to (3). zur Einzelansicht § 32 Kapitel 2 Rechtsgrundlagen der Verarbeitung