This is an EU data protection directive that has been in effect from May 25th, 2018
The updated principles of GDPR endorsed by both the EU and the US as it relates to processing, using or exchanging such data include:
Lawfulness, Fairness, and Transparency – Personal data processing activities should be communicated to data subjects in an open and honest manner.
Data Quality and Accuracy – Personal data being processed should be accurate, complete, and kept up-to-date.
Purpose Limitation – Collecting and processing personal data should be done so for the specified purpose only.
Data Minimization and Proportionality – Only personal data that is relevant and for a necessary purpose should be processed.
Storage Limitation – Only personal data that is relevant and for a necessary purpose should be retained.
Integrity and Confidentiality – Personal data must be secure.
Accountability – Personal data must be processed securely with responsibility and demonstrate compliance with EU and member state data protection laws.