GDPR, providing information, notification, rights of data subject, data processor, data controller, types of contracts
The story was that the manufacturer didn’t provide sufficient information in the guide and didn’t state that the microwave is not suitable for drying cats’ fur. The manufacturer was sued over the case and had to pay very serious compensation to the owners of the cat. They also had to amend the guide, so that no more cats would be microwaved in the future.
Well, the GDPR is now very cautious about providing information to the ‘data subject’.
Let’s see the details.
Personal data basically comes in two ways:
- They are directly collected from the data subject.
- They have been obtained from other sources.
In both cases the notification to the data subject must be in a transparent, intelligible and easily accessible form, using clear and plain language.
It has to contain at least the following:
- the identity and the contact details of the data controller,
- the contact details of the Data Protection Officer (where applicable),
- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing,
- the recipients or categories of recipients of the personal data,
- the period for which the personal data will be stored,
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability,
- the right to lodge a complaint with a supervisory authority,
- the existence of automated decision-making, including profiling,
- the fact that the controller intends to transfer personal data to a third country or international organization, together with a reference to the appropriate or suitable safeguards,
- whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, and the possible consequences of failure to provide such data.
As mentioned earlier, when delivering our accounting and payroll services we are the data processor in the first place, therefore notification is not our main responsibility.
As the data controller, we process our employees’ personal data and we have the obligation to provide information. With regard to notification, it is very important to distinguish between employees according to the type of their contract, which can be a regular or an engagement contract. Providing information is also going to be different for applicants or employees who come from agencies.
At Process Solutions it is our priority to keep applying proper notification practice, so as not to give any chance of bringing on a story similar to that of the microwaved cat.