What is a fundamental principle of the Data Privacy Act regarding data processing?

The fundamental principle of the Data Privacy Act regarding data processing is that data must be processed only for specified, legitimate purposes. This principle ensures that organizations are transparent about their data collection practices and that individuals understand how their personal data will be used.

This approach not only protects individuals from potential misuse of their data but also builds trust between data subjects and organizations. By requiring that data processing be limited to clear and legitimate purposes, the Act promotes accountability and responsible management of personal information. Organizations must clearly define and communicate the reasons for collecting and processing data, whether for improving services, fulfilling contractual obligations, or complying with legal requirements, ensuring that individuals are not taken by surprise regarding how their personal data is utilized.

In this context, the other options fail to align with the core values of data protection. Collecting excessive data can lead to privacy violations and misuse of information, while processing data in secrecy undermines the transparency essential for responsible data stewardship. Using data without informing subjects disregards the principle of consent and the rights of individuals to be aware of how their data is used.