Transparency under the General Data Protection Regulation (GDPR)

Implementation date 25th May 2018

Guidelines
The EU Article 29 Working Party (WP29) has recently published guidelines on the obligation of transparency concerning the processing of personal data under the GDPR. The concept of transparency appears as one of six principles that must be adhered to when processing data, but no actual definition has been provided under the GDPR.

Personal data must be processed in a “transparent manner” under Article 5(1)(a) of the GDPR. This is in addition to the other requirements that personal data must be processed lawfully and fairly as set out in that sub-article. Transparency is also intrinsically linked to the new principle of accountability under the GDPR. It follows from Article 5(2) that the data controller must be able to demonstrate that personal data is processed in a transparent manner with respect to the data subject.

The obligation applies to three central areas:

1. The provision of information to data subjects related to fair processing to individuals.
2. How data controllers communicate with data subjects in relation to their rights under the GDPR; and
3. How data controllers facilitate the exercise by data subjects of their rights.

Relevant articles relating to transparency under the GDPR include: 5.1(a), 12, 13, 14.

Relevant recitals relating to transparency under the GDPR include: 39, 58, 59, 60, 61, 62.

According to the guidelines, in order to comply with the obligation of transparency, businesses should:

• Make the information or communication in question concise, intelligible and use clear and plain language. It should be “understood by an average member of the intended audience”. Identify the intended audience, ascertain their average level of understanding and draft the information accordingly.
• Ensure appropriate language and vocabulary is used when processing the data of children or vulnerable persons. The GDPR indicates that there should be a higher level of transparency threshold when the data subject if a child.
• Make information easily accessible, meaning it is immediately known where the information can be obtained.
• Avoid complex sentences and language structure. The information should be provided in clear and plain language.

For any queries, please contact Anne O’Connell Solicitors at info@aocsolicitor.ie or +353 1 2903580
21st December 2017
Anne O’Connell
Solicitors
1-3 Burton Hall Road
Sandyford
Dublin 18
www.aocsolicitors.ie

If you found this article useful you might like our employment law newsletter. We write monthly articles, like this, covering interesting cases, decisions, news and developments in Ireland.

Related Articles

• Labour Court Reduces €10,000 Unfair Dismissal Award, Despite Flawed Procedure, Due to Teacher’s Own Conduct
• Labour Court Finds Aer Lingus Requirement to Wear High Heels Discriminatory
• Labour Court Overturns €18,000 Penalisation Award
• WRC Finding of Unfair Dismissal –  Employer Unable to Demonstrate that Fair Procedures were Followed
• Dental Practice Manager awarded €15,000 for “Cruel” Unfair Dismissal
• WRC Awards Employee €20,000 for Penalisation due to Applying for Parental Leave
• High Court Finds that School Principal Should be Reinstated after Eleven Years
• WRC Finds Unfair Dismissal for Want of Fair Procedures