Collect data

You can collect personal data variously, such as by user registration, having web forms, or tracking user statistics (by using Google Analytics, Optimizely Data Platform (ODP), visitors groups, and so on).

GDPR does not forbid you from collecting data but requires you to be very specific; you are allowed to collect data only for a specific purpose. Before collecting data, you need to consider the following questions carefully.

• Is it PII data you want to collect, or is it anonymized data that cannot be traced back to an individual?
• Will you store this data in a database?
• Are you processing data within the European Union?
• Are the data subjects in question located in the European Union?
• Can you motivate the collection of data? That is, do you have a legal reason for doing so? For example, to fulfill a legal agreement with the data subject, to protect the data subject's interest, etc.
• Is the purpose clearly defined, and will data not be used for any other purpose? You are not allowed to collect data that "might be nice to have in the future."
• Is the collected data appropriate (relevant and limited to) the purpose? For example, you cannot collect a phone number if the purpose is to sign up for email newsletters.
• Do you need consent for data collection, and do you have a process for getting consent from the data subjects? In some cases, you need consent to collect data, and in others, you do not. See also Ask for consent.
• Is the PII data considered sensitive? Does it relate to the data subject's sex, ethnicity, religious or political views, and so on? Sensitive data is allowed for collection only under certain conditions; see article 9 of the regulation.