What is covered
Four GDPR-focused entries. The three rendered live in KB/src/kb/index.ts; one (overview.ts) is unwired draft — see KB Content Index.
Live articles
gdpr/article-6 — Lawfulness of Processing
KB/src/kb/index.ts:5–57. Walks the six lawful bases, focuses on Art. 6(1)(f) legitimate interest as the operative basis for B2B enrichment, three-part test (purpose, necessity, balancing), references EDPB Guidelines 06/2020 and Recital 47. Documents LIA requirement under Art. 5(2) accountability.
Citations: EDPB Guidelines 06/2020 (authoritative); Recital 47 (authoritative).
gdpr/article-14 — Transparency for Indirectly Obtained Data
KB/src/kb/index.ts:58–105. When Art. 14 applies (any indirect collection — registries, scraping, lists), the categories of required information under Art. 14(1)/(2), timing rules (Art. 14(3) — within one month or first communication, whichever earlier), and the narrow Art. 14(5)(b) “disproportionate effort” exemption. Cites IMY transparency guidance.
gdpr/article-17 — Right to Erasure
KB/src/kb/index.ts:106–145. Scope of erasure under Art. 17(1), interaction with Art. 21 objection for LI-based processing, opt-out hash list as best-practice implementation, one-month response window (Art. 12(3) extendable to three for complex requests). Cites WP29 Guidelines on Data Portability.
Unwired drafts (not exported)
gdpr/overview.ts
KB/src/kb/gdpr/overview.ts. Broader scope intro: GDPR purpose, territorial/material scope (Art. 2/3), key Art. 4 definitions (personal data, processing, controller/processor), Recital 14 on legal entities not being data subjects, six legal bases summary, data subject rights overview, IMY’s role under Art. 51/58/83, GDPR–Dataskyddslagen interaction. ~190 lines, 8 sections.
gdpr/article-6.ts
Deeper Art. 6 deep dive (~190 lines, 8 sections). Goes into why consent fails for B2B at scale, narrow Art. 6(1)(b) contract scope, the EDPB 2024 draft LI guidelines, Bisnode precedent context, and “red flags” that cause LI to fail (no LIA, Art. 9 data, no opt-out, ignoring Art. 21 objections, etc.).
gdpr/article-13-14.ts
Exhaustive Art. 13 vs Art. 14 analysis (~205 lines, 7 sections). Walks each of the nine mandatory disclosure items, the Bisnode case in full (UODO ZSOŚS.440.748.2019, ~6.4M Polish data subjects, Art. 14(5)(b) rejected), practical implementation of an Art. 14 notification email, and interaction with Art. 6 / RoPA.
gdpr/article-30.ts
RoPA deep dive (~185 lines, 6 sections). Why Art. 30(5) “fewer than 250 employees” exemption almost never applies to enrichment platforms, model RoPA structure with five activity types (Bolagsverket ingestion, scraping, export, opt-out register, account management), electronic implementation, and IMY audit-readiness expectations.
Cross-references in the main wiki
- GDPR Legitimate Interest covers the same Art. 6(1)(f) framing for the production pipeline; the KB modules go deeper on the LIA documentation requirement.
- Article 14 covers the operational notification obligation; KB
article-14covers the legal text and timing rules. - RoPA Log covers the database table; KB
article-30.tscovers the broader documentation obligation.
See also
KB Content Index, KB Swedish Law, KB B2B Enrichment, KB IMY Decisions.