Inform data subjects about processing
The requirements of the notification practices for controllers changed with the application of the GDPR. The Office of the Data Protection Ombudsman urges industries to create shared notification practices as part of the codification of practices in the industry.
Article 29 Working Party's transparency guidelines contain more detailed instructions and examples of transparent notification.
Intelligibility of information
The GDPR also obligates controllers to evaluate whether the information is provided in intelligible language and consistent form. The evaluation should be made with regard to the potential target group. The purpose is for an average member of the target group to obtain a comprehensive and clear overall picture of the processing of personal data.
It is not sufficient to simply make the information on the processing of personal data available to the data subject; it must be provided in an intelligible, concise and clear form.
The GDPR specifies that the contents of the information to be delivered to the data subject are partly dependent on whether the personal data was collected directly from the data subject or from another source.
The principle of transparency is provided for as part of the principle of lawful and fair processing. The personal data must be processed transparently in relation to the data subject, and the controller must be able to demonstrate this (accountability).