Mindspeller

Log in
Free Trial

Terms and Conditions

Mindspeller's Commitment to Data Security and GDPR-Compliant Incident Management

Leuven, Belgium – June 21, 2025 – In response to user inquiries regarding its data breach and incident management protocols, Mindspeller, the innovative neuromarketing and social media platform, has outlined its comprehensive and GDPR-compliant approach to data protection. The company emphasizes its commitment to the highest standards of data security, particularly given the sensitive nature of the EEG (electroencephalogram) data it utilizes.

At the core of Mindspeller’s data protection strategy is a foundational commitment to the principles of the General Data Protection Regulation (GDPR). The company’s incident management and data breach procedures are designed to be robust, transparent, and fully aligned with legal obligations.

A Multi-Layered Approach to Data Breach Management

Mindspeller has implemented a multi-layered incident response plan to promptly identify, contain, and mitigate any potential data security incidents. This plan is regularly reviewed and updated to adapt to the evolving threat landscape.

Key pillars of Mindspeller's incident management process include:

  • Immediate Investigation and Assessment: In the event of a suspected data breach, a dedicated incident response team is immediately mobilized to investigate the nature and scope of the incident. A thorough risk assessment is conducted to determine the potential impact on individuals’ rights and freedoms.
  • Containment and Remediation: Swift action is taken to contain the incident and prevent any further unauthorized access to data. This includes isolating affected systems, eradicating any malicious presence, and implementing necessary security patches and updates.
  • Notification to Supervisory Authorities: In strict adherence to GDPR timelines, Mindspeller will notify the relevant data protection supervisory authority of any personal data breach that is likely to result in a risk to the rights and freedoms of individuals. This notification will be made without undue delay, and where feasible, within 72 hours of becoming aware of the breach. The notification will provide a detailed account of the incident, the categories of data and individuals affected, the likely consequences, and the measures taken to address the breach.
  • Transparent Communication with Affected Individuals: Should a data breach pose a high risk to the rights and freedoms of our users, Mindspeller is committed to communicating the breach to the affected individuals without undue delay. This communication will be clear, and concise, and will provide practical advice on how to mitigate potential adverse effects.
  • Thorough Documentation: All data breaches, regardless of their severity or notification status, are meticulously documented. This internal register includes the facts relating to the breach, its effects, and the remedial action taken, ensuring accountability and facilitating continuous improvement of our security measures.

The Special Case of EEG Data

Mindspeller acknowledges the unique sensitivity of the EEG data processed on its platform. This data is classified as special category data under GDPR, necessitating a heightened level of protection.

A cornerstone of Mindspeller’s data privacy strategy is the principle of data minimization and pseudonymization. The company’s “Survey-Disclaimer” clarifies that it takes extensive measures to avoid collecting directly identifying personal information alongside EEG data. Where possible, data is anonymized or pseudonymized to prevent the identification of individuals. This significantly reduces the risk of re-identification in the event of a security incident. The company asserts that as it does not store personal data in an identifiable format, a Data Protection Officer has not been appointed, a stance permissible under GDPR when personal data is not processed.

For the EEG data that is collected, robust technical and organizational security measures are in place, including encryption and access controls, to safeguard its integrity and confidentiality.

By combining a proactive and transparent incident response framework with a data governance model centered on pseudonymization and data minimization, Mindspeller aims to provide its users with a secure and trustworthy platform for engaging with neuromarketing and social media in a privacy-respecting manner.