Transparency - Information about processing
Individuals have the right to be informed about the collection and use of their personal data. Articles 13 and 14 of the Applied GDPR specify what individuals have the right to be informed about.
This right forms the key transparency requirement of the Applied GDPR and requires controllers to provide individuals with all the information necessary to understand what will happen to their personal data, how it will be protected, how long it will be kept, where it may be transferred to, and to know what rights they have in relation to that data. This is often known as ‘privacy information’.
Controllers are required to provide privacy information:
- in a concise, transparent, intelligible and easily accessible form
- in clear, plain language adapted as necessary to meet the target audience needs, especially where children, or other vulnerable groups, are concerned
- in conjunction, if needed or desirable, with standardised icons to give an easily visible, intelligible and clearly legible overview of the intended processing
The privacy information to be supplied is summarised as follows:
Using an effective approach can help you to comply with other aspects of the Applied GDPR and foster trust with individuals. Getting this wrong can leave you open to fines and lead to reputational damage.
There is more information about transparency in the Closer Look guide below.