What data do you collect?
Data subjects need to be aware of what data you actually hold, and this can range from name and contact details to bank details to special category data. This applies especially when a child’s data is collected.
Why do you collect the data?
There must be a purpose for you collecting the data.
Who will the data be shared with? And why?
State which third parties you will be sharing the data with and why they need to have it. This helps build transparency and also gives the data subject more control over their data. There is no requirement to name specific third parties, however; you can just mention, e.g., ‘your personal data will be shared with external lawyers for XYZ purposes’.
Will you be transferring the data internationally and/or outside of the EEA?
This helps build transparency and also gives the data subject more control over their data.
How long will the data be kept for?
This gives data subjects the knowledge of how long their data will be held for, again building trust and transparency.
Not only is this a specific requirement of GDPR but it also allows the data subject to know what they are entitled to under Data Protection.
The name and contact details of your Data Protection Officer / Representative (if applicable).
This gives the data subject the opportunity to speak to someone within your organisation if they have any GDPR questions, requests or complaints.
Data given by the data subject.
Data obtained from public / online sources.
Data obtained by a third party.
There may be occasions where an organisation may use a third party to collect data on the organisation’s behalf. When this is the case, the organisation must provide the privacy information to the data subject within a reasonable period of obtaining the personal data and no later than one when the first communication takes place.
- Being transparent towards your users is possibly the most important reason. Providing your clients and customers with a clear picture of why and how you process their personal data makes your clients feel secure.
- It’s the law and you’re required to comply with GDPR.