GDPR
Definition
The General Data Protection Regulation (EU 2016/679), a comprehensive data protection law that governs the collection, processing, and storage of personal data of individuals within the European Economic Area. GDPR imposes strict requirements on data controllers and processors, including lawful basis for processing, data minimisation, breach notification within 72 hours, and fines of up to 4% of global annual turnover for non-compliance.
Complementary Terms
Concepts that frequently appear alongside GDPR in practice.
Data Protection Impact Assessment (DPIA)
A structured process required under GDPR Article 35 to identify, assess, and mitigate privacy risks arising from data processing activities that are likely to result in high risk to individuals. DPIAs are mandatory before deploying new technologies, large-scale profiling, or processing sensitive personal data, and must document the necessity, proportionality, and safeguards of the proposed processing.
CE Marking
A mandatory conformity marking for products sold within the European Economic Area, indicating that the product meets EU health, safety, and environmental protection requirements. For medical devices, CE marking under the Medical Device Regulation (MDR 2017/745) requires conformity assessment by a Notified Body, clinical evaluation, and ongoing post-market surveillance.
Payment Services Directive 2 (PSD2)
An EU legislative framework (PSD2, Directive 2015/2366) governing payment services and payment service providers across the European Economic Area. PSD2 introduced requirements for strong customer authentication, mandated open access to payment account data for authorised third parties (enabling open banking), and created new categories of regulated payment institutions.
Medical Device Regulation (MDR)
The EU regulatory framework (Regulation 2017/745) governing the design, manufacture, and distribution of medical devices in the European market, which replaced the Medical Devices Directive (93/42/EEC) with significantly stricter requirements. MDR imposes enhanced clinical evidence requirements, more rigorous conformity assessment procedures, a Unique Device Identification system, and comprehensive post-market surveillance obligations.
Privacy by Design
An approach to systems engineering and product development that embeds data protection principles into the design and architecture of IT systems and business practices from the outset, rather than retrofitting them. Privacy by Design is codified as a legal requirement under GDPR Article 25 and encompasses data minimisation, pseudonymisation, and purpose limitation as default settings.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act, a US state privacy law granting California residents rights over their personal information, including the right to know what data is collected, the right to delete it, the right to opt out of its sale, and the right to non-discrimination for exercising these rights. As amended by the CPRA (2023), CCPA closely mirrors certain GDPR provisions and has influenced privacy legislation in other US states.
Data Sovereignty
The principle that data is subject to the laws and governance structures of the country in which it is collected or stored. Data sovereignty requirements affect cloud computing architecture, cross-border data transfers, and vendor selection, particularly in light of GDPR restrictions on transfers to countries without adequate data protection standards.
Zero-Party Data
Data that a customer intentionally and proactively shares with a business, including preferences, purchase intentions, communication choices, and personal context. Unlike first-party data (which is observed from behaviour), zero-party data is explicitly volunteered through mechanisms such as preference centres, surveys, quizzes, and account settings.
Related FAQ
Is Opagio data secure and encrypted?
Opagio uses industry-standard encryption, secure APIs, and access controls. However, you should review our Data Privacy Policy for full details before uploading sensitive company information.
What role does data privacy play in building customer trust?
Data privacy is table-stakes for trust. Customers must know data is secure, encrypted, not sold, and handled according to GDPR and other regulations.
How does GDPR affect the valuation of data and customer relationship assets?
GDPR constrains data monetisation, requires consent for data processing, and introduces significant penalty risk — all of which affect the valuation of data assets and customer relationship intangibles.