The GDPR, Brazil LGPD, Thailand PDPA, and many other privacy regulations around the globe require that organizations determine the legal basis for processing individuals’ data (customers, employees, etc.) as part of their business operations. For example, Article 6 of the GDPR states that processing shall be lawful only if at least one of the following applies: data subject consent has been obtained; processing is necessary for performance of a contract; processing is necessary for compliance with a legal obligation, to protect someone’s life or to perform a task in the public interest; or the processing is necessary for your legitimate … Continue reading Four Boxes You Must Have Checked Before You Leverage Legitimate Interests as Your Basis for Data Processing
by Gary LaFever, CEO of Anonos Taking the “personal” out of Personal Data® Many companies aren’t yet aware that they are or will be doing anything wrong processing analytics or using historical data bases under the GDPR. While many companies are understandably focused on conducting data inventories and data protection impact assessments, it is critical to note that inventories and assessments will not support new legal bases required under the GDPR for processing data analytics or for using historical databases involving EU personal data. An important aspect of the GDPR is the new requirement that “consent” must be specific and … Continue reading Can You Legally do Analytics Under the GDPR?