Vast amounts of personal data are collected, used and transferred to third parties every day for a variety of reasons. However, where do you draw the line between the rights of individuals to protect their personal data and the needs of organisations to collect, use or disclose the data?