The ongoing conversation around GDPR centers around compliance. Naturally, as data controllers and processors, making sure the way that we’re using data is compliant with the GDPR is a high priority. But the discussion is often oversimplified: does this comply or not? Though the regulations themselves may be straightforward, there are several vectors which make compliance challenging. GDPR requires the collection and processing of data to be tied to specific uses; the way clever analysts and data scientists use and think about data, however, is inherently creative and data collected for one purpose can often be used to serve a different, but related, need. As companies collect more data, the value of the data grows as it is joined with other growing data sets. So, under GDPR, we have to somehow manage the fact that different “pots” of data might be collected for different purposes and ensure that, if combined, the use of the combined data is still consistent with the specific purpose initially consented to during collection.
This is a companion discussion topic for the original entry at https://snowplowanalytics.com/blog/2018/03/09/how-to-manage-consent-for-gdpr-a-nuanced-approach/