I think that you should specify purposes of gathering personal data, then gather the data and keep the quality of the data. Why do you think OECD describes #1 prior to #2?
Next question is about #1 and #3. Why do you think OECD separates #1 and #3? I think they are very similar and the difference is only that #1 requires keeping data up-to-date. So I think #1 should include only "keeping data up-to-date" in its meaning. What do you think?
Haneda, Masahiro Certification: CISSP, CCSP, CCSK, PMP, ITIL Foundation V3 Location: Japan My LinkedIn Profile