- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
This is like the path to the logfiles, the factorio team does not need to know the path for debugging purposes and if they do not collect it, they do not risk collecting the username that can be personal information. The less data you collect, the less data can be inaccurate.
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
This is the retention time. Since you have to delete/anonymize data when not needed for the service you provided (and the user has agreed to), the data that need deleteion/anonymization has to be identified and therefore you have to be stored in a way that permit this.
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
disentius wrote:As data collector, you have to write down what data you collect, and why. this is a one time thing, and you do not have to ask permission for data you are required to collect by law in your country. You DO have to inform your clients, pupils, website visitors, etc WHICH data you collect, and for what purpose.
I Think they refer to data that has to be kept ny law. That data cannot "accidentally disappear". Like ISPs that have to keep logfiles of their users IPs for helping police find people doing illegal activities (like some types of file sharing etc.).