This process determines if existing personal data can be reused where the new Purpose is compatible with the Purpose that it was originally collected for.
To ascertain whether processing for another purpose is compatible with the original purpose for which personal data was initially collected, the Controller should take into account, among other things …
any link between the original purpose and the new purpose;
the context in which the personal data was originally collected – in particular, the Controller(s)’ relationship with the individual(s) and what they would reasonably expect;
the nature of the personal data – e.g. is it particularly sensitive;
the possible consequences for individuals of the new processing; and
The rules defining Purpose Compatibility are likely to change under the new Data Protection and Digital Information Bill.
1
You can only use the personal data for a new purpose if either this is compatible with your original purpose, you get consent, or you have a clear obligation or function set out in law.
2
As a general rule, if the new purpose is either very different from the original purpose, would be unexpected, or would have an unjustified impact on the individual, it is likely to be incompatible with your original purpose