§ 28 LDSG RP
General Principles
(1)The processing of personal data by a body competent under Section 26(1) for the purposes referred to therein shall be lawful if and insofar as it is necessary for the performance of a task carried out in the public interest.
(2)Personal data 1. must be processed lawfully, 2. must be collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes, 3. must be adequate for, relevant to and not excessive in relation to the purposes for which they are processed, 4. must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay, 5. must not be kept in a form which permits identification of the data subject for longer than is necessary for the purposes for which the personal data are processed, and 6. must be processed in a manner that ensures appropriate security of the personal data; this includes protection, to be ensured by appropriate technical and organisational measures, against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage. zur Einzelansicht § 28