O

Purpose limitation or data use limitations requires that businesses ensure that they limit the use of personal information (PI) to the purposes for which it was collected.The GDPR provides more leeway when it comes to purpose limitation.

Any unapproved cloud-based account or solution implemented by an employee for business use. It might also include the use of an unknown account with an approved provider, but administered by the user rather than corporate IT.

An unapproved cloud application that is connected in some way (typically by API) to that organization's SaaS or IaaS with access to corporate data but without permission from the organization.