Under the General Data Protection Regulation (GDPR), which becomes law in every European Union state at the end of this month, everyone has the right to be informed. This means that every EU citizen must be given information about what is held in their personal data file, how this information is being collected and what will be done with it.
When data is collected, those whose data is requested must be informed and must give their consent to what is being collected and how specifically it will be used. If the way in which the data is used changes, they must be informed, and a new consent must be signed if they agree to the change in data use.
Further, data subjects must receive this information in a manner, language, and form that is understandable to them. The information must be transparent, well organized, concise and accurate.
What Information Should Data Subjects Receive?
Subjects have a right to know at the point when data is being collected:
- The identity and contact information of the person(s) collecting the data
- Information about their right to withdraw consent
- Contact information for whoever oversees the data, its processing, and storage
- Source of the data
- Automated collection
- Decisions and decision makers regarding the data
- Purpose for processing data
- How data will be stored
- How data will be used
- How long data will be retained
- How data will be shared and with whom
When personal data is obtained from outside sources, the individual must be told about it within a month of the data being obtained.
Information needs to be reviewed, modified and updated as needed.
Why Citizens Need the Right to Be Informed
Under the GDPR, every EU citizen has the right to control what is shared, how, by whom and when.
What Does This Mean for Businesses?
Companies must make sure that people clearly know what is being collected and that the way this data is being used is legitimate. Privacy policies must clearly respect the right to be informed.