• GDPR is easily got round if you show legitimate need to collect and process data with notices that you are doing so.

  • So an entity with a legitimate need to process data (validated by the GDPR regulator), which notifies and receives consent from individuals that the data can be collected, is complying with GDPR. If not, then it is not, and is liable for prosecution (both as a corporate but also to individual officers/stakeholders)

About

Avatar for Ramsaye @Ramsaye started