Date: Jun 27, 2025

Tags: Data Privacy, GDPR, Google Analytics, Piano Analytics

The five data privacy principles every business needs to understand to run GDPR-compliant analytics

Piano Data Privacy Officer, Louis-Marie Guérif, shares 5 Data Privacy principles every business should understand to remain compliant.


Your analytics should respect privacy — by design, not as an afterthought. 

Most analytics tools weren’t built for strict privacy compliance — and certainly not for the fast-evolving regulatory landscape in Europe and beyond. 

In this video, we break down what true GDPR-compliant analytics should look like — principles every financial institution needs to get right: 

Who’s responsible? 

Controller vs. processor — know the roles, the data being collected, why it’s collected, where it’s stored, and for how long. 

What’s personal data? 

Under GDPR, it’s not just PII. Any online identifier — browsing data, cookies, device IDs — counts as personal data. 

User rights 

  1. Right to access their data 

  2. Right to be forgotten (deletion) 

  3. Right to object / opt out — easily, at any time 

Consent mechanics 

Consent should be as easy to withdraw as to give — with clear, granular controls, starting at the first layer of your cookie banner (CMP). 

Enabling transparency 

  1. Clear, signed data processing agreements 

  2. Configurable solutions that support opt-in / opt-out strategies 

  3. Access to privacy experts who can help you stay compliant as rules evolve 

If your analytics platform can’t deliver this today — you’re exposed.