The General Data Protection Regulation (GDPR) imposes a so-called "accountability obligation" on the controller in Article 5(2). This means that there is an obligation to comply with the principles set out in Article 5(1) of the GDPR and to demonstrate compliance with them.

For this reason, the University of Oldenburg, as the responsible party, has set itself the following data protection goals in its data protection guideline:

• Purpose limitation/data minimisation: Personal data are only collected for defined, clear and legitimate purposes and may not be further processed in a way that is incompatible with these purposes. They must be adequate and relevant to the purpose and limited to what is necessary for the purposes of the processing.

• Availability: A high level of availability is ensured by the performance-optimal provision of desired IT services of a system in the designated time. The hardware and software, including the data, are available when they are actually needed.

• Integrity: Users can be sure that the data is correct, i.e. its content is correct and also complete. The information is only processed by authorised persons and only in the manner intended.

• Authenticity: The recipient can be certain beyond doubt that the information was actually created by the named author and not falsified or otherwise altered by third parties.

• Binding nature/reviewability: Those involved in a transaction are actually authorised and do not have any means of disputing their involvement. Corresponding documentation (on the programme side) makes it possible to trace who made which change at which point in time.

• Transparency: The individual procedural steps during data processing are complete, up-to-date and are documented in such a way that they can also be traced within a reasonable period of time.