I’m currently doing a bit of research on the issues surrounding web-scraping for B2B contacts.
We’re talking here data that’d be available via a search engine, nothing like exporting data out of a closed environment, etc.
To summarise topics I’ve picked up so far:
– Verify nature and origin of data
– Minimise data collection to what is needed
– Inform data subjects of the data processing
– Contracts with sub processors
– If necessary ROPA
– Allow opt-out
– Processing is in line with purpose for which it was made public in the first place
Anything else I’m missing?