Obligations of information to the data subject
What information should be provided in a small-sized form where it is not possible to list all the elements required by the GDPR? And what if data are collected by phone?
Essential information to describe the context of data processing. Therefore, at least identity and contacts of the controller, purposes of processing and whether the data subject is obliged to provide data, whether data may be communicated or disseminated – where applicable – (also in the event of transfer to third countries), if there is a process of profiling, the DPO’s contacts (where applicable) and the rights which the data subject can exercise, including the right to lodge a complaint with the supervisory authority. The data subject should be redirect to a website – or other easily accessible instrument – to get full information. These considerations are valid also in the event of data collection by phone.
When data are only stored, shall the controller provide information?
The controller is obliged to provide information, because also data storage is a processing activity, so the obligation shall be complied with.
Is it possible to use the same information statement for all data collection activities?
It is not possible, because each processing activity has its own context: for instance, the purposes of processing and the legal bases for processing, data which are collected, the period of storage, the recipients of data are different.
To learn more, click here or contact me.
Leave a Reply