Transparency under the General Data Protection Regulation (GDPR)

Implementation date 25th May 2018

Guidelines
The EU Article 29 Working Party (WP29) has recently published guidelines on the obligation of transparency concerning the processing of personal data under the GDPR. The concept of transparency appears as one of six principles that must be adhered to when processing data, but no actual definition has been provided under the GDPR.

Personal data must be processed in a “transparent manner” under Article 5(1)(a) of the GDPR. This is in addition to the other requirements that personal data must be processed lawfully and fairly as set out in that sub-article. Transparency is also intrinsically linked to the new principle of accountability under the GDPR. It follows from Article 5(2) that the data controller must be able to demonstrate that personal data is processed in a transparent manner with respect to the data subject.

The obligation applies to three central areas:

1. The provision of information to data subjects related to fair processing to individuals.
2. How data controllers communicate with data subjects in relation to their rights under the GDPR; and
3. How data controllers facilitate the exercise by data subjects of their rights.

Relevant articles relating to transparency under the GDPR include: 5.1(a), 12, 13, 14.

Relevant recitals relating to transparency under the GDPR include: 39, 58, 59, 60, 61, 62.

According to the guidelines, in order to comply with the obligation of transparency, businesses should:

• Make the information or communication in question concise, intelligible and use clear and plain language. It should be “understood by an average member of the intended audience”. Identify the intended audience, ascertain their average level of understanding and draft the information accordingly.
• Ensure appropriate language and vocabulary is used when processing the data of children or vulnerable persons. The GDPR indicates that there should be a higher level of transparency threshold when the data subject if a child.
• Make information easily accessible, meaning it is immediately known where the information can be obtained.
• Avoid complex sentences and language structure. The information should be provided in clear and plain language.

For any queries, please contact Anne O’Connell Solicitors at info@aocsolicitor.ie or +353 1 2903580
21st December 2017
Anne O’Connell
Solicitors
1-3 Burton Hall Road
Sandyford
Dublin 18
www.aocsolicitors.ie

If you found this article useful you might like our employment law newsletter. We write monthly articles, like this, covering interesting cases, decisions, news and developments in Ireland.

Related Articles

• WRC Finds Employer Liable for Sexual Harassment of Employee on Staff Night Out
• WRC Orders Reinstatement of Employee who was Unfairly Dismissed
• WRC Finds that Dismissal of Airport Senior Executive Arrested for Theft was Fair
• Leave to Appeal to Supreme Court Sought by Civilian Garda Driver who was Refused Interlocutory Injunction by High Court
• Anne O’Connell Solicitors collaborates with IEL
• High Court Clarifies the Scope of a De Novo Appeal to the Labour Court
• WRC Finds Employer’s Sick Pay Scheme More Favourable Overall Than Statutory Sick Pay Scheme
• WRC Looks Behind Company and Deems an Individual an Employee