blog

Why purpose is a cornerstone in the GDPR

๐Ÿ’ก Purpose is "the essential first step in applying data protection law", a "pre-requisite for applying other data quality requirements" and a "CORNERSTONE of data protection" โ€“ so make sure you know how to work with it.

a month ago   •   2 min read

By Rie Aleksandra Walle

Why is 'purpose' so crucial in the GDPR?

Let's have a look:

But to understand and apply the rules correctly, we must also grasp the concepts of:

๐Ÿ“ nature
๐Ÿ“ scope
๐Ÿ“ context
๐Ÿ“ subject-matter
๐Ÿ“ (strict) necessity
๐Ÿ“ proportionality
๐Ÿ“ reasonable expectations

๐“๐ก๐ž๐ฌ๐ž ๐š๐ซ๐ž๐ง'๐ญ ๐ฃ๐ฎ๐ฌ๐ญ ๐ญ๐ก๐ž๐จ๐ซ๐ž๐ญ๐ข๐œ๐š๐ฅ ๐œ๐จ๐ง๐œ๐ž๐ฉ๐ญ๐ฌ.

I've put them into practice countless times through:
๐Ÿ“‹ Audits
๐Ÿ“‹ Purpose and legal bases reviews
๐Ÿ“‹ Records of processing activities (ROPAs)
๐Ÿ“‹ Risk assessments
๐Ÿ“‹ Data protection impact assessment (DPIAs)
๐Ÿ“‹ Role assessments
๐Ÿ“‹ Legitimate interest assessments (LIAs)
๐Ÿ“‹ Data protection by design and by default (DPbDD)
๐Ÿ“‹ Necessity and proportionality tests

I've experienced first-hand how these concepts work, and can be tricky, in real life, ๐’Š๐’ ๐’‘๐’“๐’‚๐’„๐’•๐’Š๐’„๐’†, both through years of client work and in my own business.

Working ๐’‰๐’‚๐’๐’…๐’”-๐’๐’ with compliance is what really solidifies our knowledge.

If you're curious to hear more about this hands-on approach and my new series Back to Basics GDPR, sign up for the free newsletter The Rieview.

PS: And for you who wants to dive deeper into purpose, here's a worksheet to get you started:

GDPR purpose definition worksheet from Rie - NoTies Consulting
GDPR purpose definition worksheet from Rie - NoTies Consulting.pdf
278 KB
download-circle

Spread the word

Keep reading