Transparency under the General Data Protection Regulation (GDPR)

Implementation date 25th May 2018

Guidelines
The EU Article 29 Working Party (WP29) has recently published guidelines on the obligation of transparency concerning the processing of personal data under the GDPR. The concept of transparency appears as one of six principles that must be adhered to when processing data, but no actual definition has been provided under the GDPR.

Personal data must be processed in a “transparent manner” under Article 5(1)(a) of the GDPR. This is in addition to the other requirements that personal data must be processed lawfully and fairly as set out in that sub-article. Transparency is also intrinsically linked to the new principle of accountability under the GDPR. It follows from Article 5(2) that the data controller must be able to demonstrate that personal data is processed in a transparent manner with respect to the data subject.

The obligation applies to three central areas:

1. The provision of information to data subjects related to fair processing to individuals.
2. How data controllers communicate with data subjects in relation to their rights under the GDPR; and
3. How data controllers facilitate the exercise by data subjects of their rights.

Relevant articles relating to transparency under the GDPR include: 5.1(a), 12, 13, 14.

Relevant recitals relating to transparency under the GDPR include: 39, 58, 59, 60, 61, 62.

According to the guidelines, in order to comply with the obligation of transparency, businesses should:

• Make the information or communication in question concise, intelligible and use clear and plain language. It should be “understood by an average member of the intended audience”. Identify the intended audience, ascertain their average level of understanding and draft the information accordingly.
• Ensure appropriate language and vocabulary is used when processing the data of children or vulnerable persons. The GDPR indicates that there should be a higher level of transparency threshold when the data subject if a child.
• Make information easily accessible, meaning it is immediately known where the information can be obtained.
• Avoid complex sentences and language structure. The information should be provided in clear and plain language.

For any queries, please contact Anne O’Connell Solicitors at info@aocsolicitor.ie or +353 1 2903580
21st December 2017
Anne O’Connell
Solicitors
1-3 Burton Hall Road
Sandyford
Dublin 18
www.aocsolicitors.ie

If you found this article useful you might like our employment law newsletter. We write monthly articles, like this, covering interesting cases, decisions, news and developments in Ireland.

Related Articles

• High Court Rules that Disciplinary Process Should Proceed, but Lifts Plaintiff’s Suspension
• Labour Court Overturns WRC Finding of Discrimination where Pregnant Employee was Denied the Opportunity to Work Remotely During the COVID-19 Pandemic
• Employee Awarded €5,000 for Harassment After Being “Outed” at Work, but Victimisation Claim Fails
• WRC Finds that Employer Acted Unreasonably in Failing to Make Genuine Efforts to Contact Employee Who Was Absent from Work
• Award for Constructive Dismissal Where Employer did not Progress Grievance
• Employer’s Response to Sexual Harassment Complaint Insufficient Despite Complainant’s Request to Deal with It “Quietly”
• WRC Awards €30,000 Due To Employer Not Complying with Code of Practice for Longer Working When Enforcing Mandatory Retirement Age
• Work Life Balance and Miscellaneous Provisions Act 2023