What you need to know.
Personal data must be processed in a transparent manner. You must provide data subjects with certain information, in the form of a privacy notice, at the time when their personal data is obtained. If you obtain the data via a third party (e.g. data broker), you have up to one month after obtaining the data. A privacy notice includes your contact details, the purpose and the legitimate basis for the processing activity, the recipients of the data and the retention period.
You can add privacy notices as annexes to your contracts, as a link on the bottom of your website, as a link in the app store and app settings, as a link in the “about” section of your social media, … For data received via third parties, you will have to provide the information by letter or e-mail.
A privacy notice must be concise (to avoid information fatigue), in clear and plain language (which depends on the intended audience) and easily accessible (differentiated from non-privacy related information and never more than “two taps away”).
What you need to do by 25 May 2018.
You should redact / update existing privacy notices informing data subjects about all of your processing activities. They should contain all mandatory information listed in the GDPR. Write in active and simple language and keep it concise. Use clear subtitles or a layered structure which provides data subjects with the most important information (including the purpose) and allows them to immediately access more extensive information.
Determine the most practical way of informing your data subjects: by adding an annex to your contracts or via an online link. You may also consider adding a link in your e-mail signature.
For accountability purposes, it is recommended indicating in your record that you have informed data subjects about your processing activities. It demonstrates compliance with this obligation towards the authorities but it can also serve as a helpful reminder not to forget this obligation.
Are you ready for the GDPR?
Want to know more? Stay tuned…
the next item of the GDPR toolkit will be available within 2 weeks.
Please consult our website or contact one of our team members if you have questions or require more information:
The M&A Survey
The M&A Survey identifies the recurring elements in M&A transactions and the actual terms and conditions commonly used