Specified Purpose

The clearly defined and explicitly stated reason for collecting and processing personal data, required under the purpose limitation principle. Under GDPR Article 5(1)(b), personal data must be collected for specified, explicit, and legitimate purposes and not further processed incompatibly with those purposes. Purposes should be: specific enough that individuals understand what will happen with their data, explicit rather than vague or implicit, determined before collection, and communicated to data subjects. Vague purposes like 'business operations' or 'improving services' are insufficient—organizations should state concrete purposes like 'processing orders,' 'providing customer support,' or 'sending monthly newsletters.' If processing purposes change or expand, organizations must assess whether new purposes are compatible with original ones or whether fresh legal bases (like consent) are required. Specified purposes inform retention decisions—data should be deleted when purposes are fulfilled. Purpose specification enables data subjects to make informed decisions and exercise rights meaningfully.