You are reading a single comment by @Brain-Stew and its replies.
Click here to read the full conversation.
-
So an entity with a legitimate need to process data (validated by the GDPR regulator), which notifies and receives consent from individuals that the data can be collected, is complying with GDPR. If not, then it is not, and is liable for prosecution (both as a corporate but also to individual officers/stakeholders)
Brain-Stew
GDPR is easily got round if you show legitimate need to collect and process data with notices that you are doing so.