The Article 29 Working Party (the EU’s group of data regulators) have published draft guidance on the transparency aspects of the General Data Protection Regulation (GDPR).
Transparency is a fundamental aspect of GDPR compliance and exists to empower data controllers to be open about what they’re planning on doing with their customer’s, employee’s, etc. data. Transparency isn’t a new thing for data protection, but the individual’s right to be informed (Articles 13 14) set out very specific rules about what data subjects have to be told when it comes to collecting their data.
The draft guidance covers everything from what transparency means to have to meet the requirements of GDPR Articles 13 and 14. Of particularly interest will be the guidance around how to make your privacy policies readable, but breaking them down into chunkable sections to avoid information overload in what will in essence be a substantial piece of text. It also, usefully, gives some pointers when it comes to giving over this information when you’re not in an electronic environment, e.g. orally, or via paper means.
The consultation runs until 23rd January.