§ 22 LDSG SH
General principles for the processing of personal data
(1)Personal data must 1. be processed lawfully and in good faith, 2. be collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes, 3. be adequate for the processing purpose, be necessary for achieving the processing purpose, and their processing must not be disproportionate to that purpose, 4. be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data that are inaccurate with regard to the purposes for which they are processed are erased or rectified without delay, 5. not be stored in a form which permits the identification of data subjects for longer than is necessary for the purposes for which they are processed, and 6. be processed in a manner that ensures appropriate security of personal data; this shall also include protection ensured by appropriate technical and organisational measures against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage. zur Einzelansicht § 22 Sub-section 2 Legal bases for the processing of personal data