One of the core motives of the General Data Protection Regulation is that data subjects are informed about the processing of their data in order to maintain a minimum level of control. This is because reasonably transparent data processing is a prerequisite for the enforcement of rights such as compensation, rectification, erasure or restriction.
If data is collected directly from the data subject, for example on a website or in an app, the law states that the data subject must be informed of certain circumstances of the data processing “at the time when personal data are obtained”. The information must therefore be provided at the latest when the data is collected. The circumstances about which information must be provided include, for example, the processing purposes, the data recipients and the deletion periods.
The law requires the information to be provided “in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.”.
Procedure for information provision
The way of information provision in the company should be defined and documented. This may be carried out by means of a transparency directive.
Information of data subjects
Notification of data subjects about relevant data processing activities, either by means of electronic or physical privacy notices.
>> Find out which other data protection obligations have to be considered with respect to European data protection law.
.png){kind=small}
.png){kind=small}
.png){kind=small}
.png){kind=small}
