Blog

(Reading time: 2 - 3 minutes)

Transparency under the GDPR

In the “principles relating to processing of personal data” the GDPR says that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. So, what does transparent mean in this case?

 

Transparency equals fairness

When we talk about transparency in relation to the processing of personal data we are also talking about fairness. It’s all about being open, clear and honest with data subjects from the get-go about who you are, how you’re planning on processing their data for what particular purpose. The GDPR is very strict when it comes to this. Transparency should be clear when asking for consent or when you have any kind of legal obligation or even in a contract situation. People, a.k.a. data subjects, need to know beforehand what is going to happen with their data and should be able to make a decision (whether to give consent, or whether to enter into an agreement for instance). They can only make an honest and conscious decision if they have all the information. Please note that the Data Authorities will not appreciate you using unclear language or wording to vaguely tell the data subject about the processing, in fact they may even fine you for doing it that way. You can find out more about those fines in my blog "Rights of Data Subjects & associated fines".

Talk to your audience

When explaining the processing of personal data to your data subjects you should keep in mind who you are talking to. Meaning, that you need to speak the language of your audience and at a level that everyone can understand.

Using icons to explain

The Data Authorities allow you to use Icons when explaining certain things. It’s like going on holiday to a country where you don’t speak the language but you’ll recognize the icons of bathroom, information and restaurant. Same applies to explaining the GDPR topics.

Here’s one I made earlier: "What data are we sharing with whom"?

GDPR icon for data sharing

A few icons bundled together to create a ‘what data are we sharing with whom’ image. Because these icons aren't the norm yet, it doesn’t stand alone. You’d still have to give a bit more information but icons can help reduce the amount of text and help visualize for the quick reader what you’re planning on doing.

Last but not least: cookies & opt-ins

I’ve said it many times before (also check my blog post O is for Opt-in and Opt-out), don’t use pre-ticked boxes. Just don’t. Not for cookies and not for other consent. And whilst we’re on the subject of transparency, make sure that you split up all your requests for consent. We call this a 'granular consent request'.

Example:

The correct and wrong way to ask for consent under the GDPR