All individuals have the right to be informed about the collection and processing of their personal data. This is one of the basic principles of data processing under GDPR.
Each person whose data is collected must be informed in detail about who collects information about them, what types of data are collected, for what purpose it is collected and how long it will be processed, as well as about any possible transfers of data to third parties.
The person whose data will be processed must also be informed about their rights to view, edit, delete or transfer data, as well as about the right to be forgotten.
All communications related to the processing of personal data should be easily accessible and understandable to persons whose data is processed:
The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used.
One of the methods used by companies to meet these obligations is to create and publish a privacy policy whose purpose is to inform users about what personal data is collected and how it can be used.
Another way of informing about what data is collected consists in placing a relevant message, e.g. under a contact form via which users provide their data.
Importantly, the GDPR also imposes an obligation on organizations to allow users to view, edit and delete their data. The solution that enables this obligation to be implemented is e.g. profile pages.
Such pages allow potential and current customers to be informed about the data that the company has collected about them. This solution also provides contacts with the ability to withdraw from specific consents , as well as to edit, export and delete all their data from the database.
Leave a Reply