GDPR Article 12 is Transparent information, communication and modalities for the exercise of the rights of the data subject.
What is GDPR Article 12?
This is where the company agrees to act on all the rights in a way that is straightforward and not sneaky.
The organization is obligated to fulfil all the rights of the data subject in a way that is clear to understand, easy to access, and free of charge, especially when in reference to a child.
Why it is important for the Data Subject
This Right assures a user that they not only have the complete picture of how their data is being handled, but they are also able to access, correct, and remove that data when they want to. Many ‘free’ services online, such as social networks and search engines, offer the use of their service in exchange for a user’s data. This Right does not stop companies from selling or using personal data, but it does put the control back on the user to decide if this use is acceptable for them in exchange for the service.
What it means to the organization
Real-world example of GDPR Article 12
A company runs a local listing of restaurants that allow users to rate the restaurant. Users sign in with some personal details including name, address, and demographic information. The service also tracks them via GPS to analyze where they go.
The GPS data is considered sensitive data. Users will need to be told that this kind of data is being taken and they should be able to opt out of being tracked in this way. The company may opt to no longer collect the data because it is not a critical piece of their app. The company will also need to create a process so that users can see what data has been collected, correct it, and ask to be removed if needed.
Questions about GDPR and the Data Subject Rights? Check out our full article on GDPR or contact us.