Whyou need Fair Processing or Privacy Notices?
Fair Processing Notices or Privacy Notices are key to fulfilling the transparency requirements under the GDPR. Individuals have the right to be informed about the collection and use of their personal datahe GDPR places more emphasis on information that should be provided to individuals about what you do with their personal data.
- Article 5 requires that data processing is fair, lawful and transparent
- Article 12 requires that information provided to individuals must be in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
- Articles 13 and 14 specify what individuals have the right to be informed about.
Transparency is also about engendering trust. If you’re not honest with people about what you do with their data, or you hide important information behind overly complex and legalistic language, people will be less willing to put their trust in you and provide you with their personal data. In addition to any
Put in simple terms, use plain language, tell people who you are and how to contact you,
- The individual already has the information – If you know, or it’s obvious, that an individual already has some of the necessary information, you do not need to provide it to them. However, you must still provide them with anything that they don’t already have. You may not know what information an individual already has. If you are unsure, it is best to provide individuals with all the relevant privacy information.
- When you obtain personal data from a source other than the individual it relates to, you do not need to provide them with privacy information if:
- The individual already has the information
- Providing the information to the individual would be impossible
- Providing the information to the individual would involve a disproportionate effort
- Providing the information to the individual would seriously impair meeting the objectives of the processing
- You are required by law to obtain the personal data
- You are subject to an obligation of professional secrecy regulated by law that covers the personal data
- The use of layered privacy notices online: allowing data subjects to navigate to whichever part of the privacy statement they wish to access without being required to scroll through large amounts of text. The design and layout of the first layer “should be such that the data subject has a clear overview of the information available to them” and need only expand sections for greater detail.
- A “just-in-time” notice will provide specific privacy information when it is most relevant to the data subject — for example, during an online purchase a pop-up next to a field requesting the purchaser’s telephone number might explain that the information is only being collected concerning contact related to the purchase and will only be disclosed to the relevant delivery service.
- Alternatives may include hard copy notices with written explanations or notices included in leaflets, infographics or flowcharts for contracts concluded via post;
- Oral explanations provided via telephone either by a real person or automated system that includes options to access more detailed information;
Depending on the business channel there are various ways of delivering the information. The (formerly WP29) suggests several methods of providing transparency information:
It is good practice to use the same medium you use to collect personal data to deliver privacy notices.Taking a blended approach, using more than one of these techniques, is often the most effective way to provide privacy notices.