Inform data subjects about processing

The requirements of the notification practices for controllers changed with the application of the GDPR. The Office of the Data Protection Ombudsman urges industries to create shared notification practices as part of the codification of practices in the industry.

Article 29 Working Party's transparency guidelines contain more detailed instructions and examples of transparent notification.

Read guidelines here (pdf)

Intelligibility of information

The GDPR also obligates controllers to evaluate whether the information is provided in intelligible language and consistent form. The evaluation should be made with regard to the potential target group. The purpose is for an average member of the target group to obtain a comprehensive and clear overall picture of the processing of personal data.

It is not sufficient to simply make the information on the processing of personal data available to the data subject; it must be provided in an intelligible, concise and clear form.

Information content

The GDPR specifies that the contents of the information to be delivered to the data subject are partly dependent on whether the personal data was collected directly from the data subject or from another source. 

Transparency

The principle of transparency is provided for as part of the principle of lawful and fair processing. The personal data must be processed transparently in relation to the data subject, and the controller must be able to demonstrate this (accountability).

Where to start?

What information does the notification obligation require?

See the table: Information subject to the notification obligation (pdf)