Map of Content for compliance-related notes (8 notes). Legal basis is GDPR Article 6(1)(f) — legitimate interests in B2B contact data. The Bisnode case (Poland 2019, €220K) is the canonical lesson.
Start here
GDPR Legitimate Interest — Article 6(1)(f) basis and balancing test. Bisnode case — what went wrong and what we fixed.
Legal basis
- GDPR Legitimate Interest — Article 6(1)(f) basis, balancing test
- Bisnode case — IMY decision, the lesson behind Article 14 timing
Mechanisms
- Opt-Out Hashes — HMAC-SHA256 with deployment-specific
HASH_SALT; superseded plain SHA-256 (seedocs/adr/0007) - Reklamspärr — SCB advertising-block flag; gate present in 4 locations (workers.ts, enrichDispatcher.ts, pipeline.ts, reklamsparre.ts)
- Article 14 — fires at collection time in
updateWorker.ts:71-86, NOT at export - RoPA Log — record of processing activities; append-only audit trail
- Blocklists — domain blocklist + opt-out blocklist composition
- Domain Blocklist — domain-level rejection rules
See also
- KB MOC — KB content modules cover the same legal landscape
- KB B2B Enrichment — data minimization + retention legal context
- KB GDPR Articles — annotated GDPR articles 6, 13/14, 30
docs/adr/0006-article-14-at-collection-not-export.mddocs/adr/0007-hmac-sha256-opt-out-hashing.mddocs/COMPLIANCE_REPORT.md(in repo) — board-level compliance report