Informing the data subjects

But it is you who defines what these limits are. You must also inform the data subjects of what you are doing. This information must be provided in a transparent manner. Transparent does not mean open, since you can hide relevant information by providing too much information. This is normally what happens in legal agreement texts. Under the GDPR, long complicated texts such as those do not constitute transparent information. Instead, transparency means the text must be informative, easy to understand, clear, and concise. It must use plain language, and special consideration must be made if the processing activity involves children. It must be relevant to the audience (the receivers), not the sender, which is typically the case with legal documents.

There might be cases where processing of personal data does not require informing data subjects. Such cases include processing activities mandated by law that require secrecy. Another exception might be if it is impossible to inform the subjects. In such cases, general statements should be made available publicly by other means.

Once you've defined your boundaries and informed the data subjects, you can commence processing. You are then not allowed to go outside of the boundaries you've set up and informed the data subjects about, without informing the data subjects about that fact. And you are only allowed to perform the new processing activity on data collected after the time you informed the subjects. You are not allowed to execute it on old data retroactively.

This minimalistic requirement implies a paradigm shift on how data can be processed. The traditional statement made by proponents of centralized big data solutions that the more you collect, the more potential value you have is no longer true, considering the GDPR. Since you are not allowed to retroactively process the data you've collected in new processing activities, hoarding the data "just in case" makes no sense. The old paradigm is no longer true. In the new paradigm, the more data you collect, the more risk you have and the greater your responsibility. But the potential value stays the same. The new paradigm states that you should only collect data to which you can assign a value.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.100.42