Need a certification?

Get certified in Data Protection and GDPR Level 2 (VTQ) for just £24.95 + VAT.

Get Started

The right to be informed

Video 18 of 32
2 min 54 sec
English
English
Want to watch this video? Sign up for the course or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

vimeo-icon Watch Using YouTube Player Transcript

Previous video

Data Transfers

Next video

The right of access - SAR

GDPR Compliance: Providing Information to Individuals

Importance of Providing Information

Every individual has the right to understand how their personal data is processed and who has access to it. To comply with GDPR regulations, data controllers must furnish individuals with details about their data processing activities.

Direct Collection of Data

When collecting data directly from an individual:

  • Inform at Time of Collection: Explain the data processing intentions at the point of collection.
  • Methods of Notification: Provide privacy policy information through email links, attachments, or hard copies via post.

Indirect Collection of Data

If data is collected from another source:

  • Timely Disclosure: Provide privacy policy information either at the first instance of data usage or within one month of obtaining the data.
  • Prior to Disclosure: Ensure information is given to the individual before sharing the data with any other recipient.

Components of Privacy Policy

Your privacy policy should contain:

  • Organisation Details: Name, contact information, and representative's details.
  • Data Protection Officer: Contact details if appointed.
  • Data Processing Information: Reasons for processing, lawful basis, and legitimate interests (if applicable).
  • Information Sharing: Recipients and categories of shared data.
  • International Transfers: Details of transfers to third countries.
  • Data Retention: Duration of data retention.
  • Individual Rights: Information about rights regarding data processing.
  • Withdrawal of Consent: Procedure for withdrawing consent, particularly relevant for marketing purposes.
  • Complaint Process: How individuals can lodge complaints with supervisory authorities.
  • Automated Decision-making: Existence and details of any automated decision-making or profiling.

If data is collected from a third party, details of the source should be provided.

Ensuring Accessibility

Make individuals aware of your privacy policy by:

  • Placement: Include the policy on your website.
  • Active Notification: Actively inform individuals and provide easy access to the policy.

Previous video

Data Transfers

Next video

The right of access - SAR