Understanding GDPR – Part One: Right to be informed

In this multipart guide, we will be assessing your rights and obligations in the rapidly approaching GDPR, equipping you with the knowledge to stay secure once the new regulation comes into play.


Right to be informed

Under the new GDPR, anyone has the right to be informed about how their data is processed. This is designed to ensure transparency over how you use personal data, and encompasses your obligation to provide ‘fair processing information’. This is typically instated through a publicly accessible privacy notice, although it is possible, but not practical, to issue this on an individual basis.


What information do you need to supply?

In order to comply with the GDPR, the guidelines state the information that should be supplied, and when individuals should be informed, which are shown below.

It is essential that you ensure that the information you supply about the processing of the personal data is concise, transparent, intelligible and easily accessible; written in clear and plain language, particularly if addressed to a child; and free of charge.

Dependent on whether or not the information you hold was obtained directly from the individual, this must be managed in a different manner. Please see table below for more details.


What information must be supplied?

Data obtained directly from data subject

Data obtained from another source

Identity and contact details of the controller (and where applicable, the controller’s representative) and the data protection officer

Purpose of the processing and the lawful basis for the processing

The legitimate interests of the controller or third party, where applicable

Categories of personal data


Any recipient or categories of recipients of the personal data

Details of transfers to third country and safeguards

Retention period or criteria used to determine the retention period

The existence of each of data subject’s rights

The right to withdraw consent at any time, where relevant

The right to lodge a complaint with a supervisory authority

The source the personal data originates from and whether it came from publicly accessible sources


Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data


The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences


When should information be provided?

If the data was obtained directly from the subject, then the information must be supplied at the time the data is obtained. If, however the data is obtained from another source, then you must supply information within a reasonable period. This should be fulfilled within the month.

If you are interested in learning more and equipping your organisation for the upcoming GDPR, contact MarketDeveloper on +44 1784 432 082.

Share this post

Leave a comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
1 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About MarketDeveloper

MarketDeveloper is a CRM and Marketing Automation supplier based in Egham. The company was formed from the merging of two marketing solutions in 2009 and has been committed to creating and updating a highly powerful, flexible and intuitive Single Customer View solution. A selection of MarketDeveloper clients include The Mail, VisitWales, ScotRail and Cosmos. In December 2018, MarketDeveloper was acquired by BlueVenn.