87 The second data protection principle
87 The second data protection principle

(1)     The second data protection principle is that—

(a)     the purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and

(b)     personal data so collected must not be processed in a manner that is incompatible with the purpose for which it is collected.

(2)     Paragraph (b) of the second data protection principle is subject to subsections (3) and (4).

(3)     Personal data collected by a controller for one purpose may be processed for any other purpose of the controller that collected the data or any purpose of another controller provided that—

(a)     the controller is authorised by law to process the data for that purpose, and

(b)     the processing is necessary and proportionate to that other purpose.