The third principle of the Data Protection Act states that personal data processed by an organization must be adequate, relevant and not excessive in relation to the purposes for which it is processed. The principle aims to ensure data controllers only collect the minimum amount of personal data needed for their intended purposes. Data that is excessive or irrelevant in relation to the purpose violates this principle.