The provision of information to data subjects is emphasised in many different parts of the GDPR, from the principle of transparency, to the data provision obligations under Articles 13+14, and from the need for consent to be "informed", to certain data subjects rights requiring more detailed information to be provided.
But meeting these obligations continues to be a struggle for many data controllers, particularly where use of new technology is involved.
Putting yourself in the shoes of the data subject can help to get the tone and level of detail right - is this use of the data or use of a third party processor something which is expected, or will it come as a surprise? Would you understand the information being provided if you didn't have a background in your industry?
This applies to all sectors but is particularly critical in the area of healthcare as new technologies offer brilliant opportunities but need patient buy-in to be a true success.
/Passle/5f3d6e345354880e28b1fb63/MediaLibrary/Images/2024-04-12-12-22-49-676-661927996946834877488db6.jpg)
/Passle/5f3d6e345354880e28b1fb63/SearchServiceImages/2024-04-16-16-05-05-331-661ea1b1344c3be38357f107.jpg)