The controller is obliged to inform the data subject about the processing operations concerning him or her. According to Art. 13 GDPR, which is effective as of 25 May 2018, the controller is subject to statutory information obligations in case when personal data relating to a data subject are collected from the data subject. The aforementioned information requirements are rounded off by Art. 14 GDPR. According to this provision, the data subject shall also be provided with mandatory information, when the personal data were not collected from the data subject. It must therefore be stated that the data subject must always be involved in any processing by the controller.
Enterprises are processing vast amounts of personal data. This may be data relating to employees, contact persons or customer information. This was recognized by the legislator. Therefore, he requires appropriate actions from the controllers.
Protecting Data Subject
Providing Data Subject with Information
Informing Data Subject of the Collection
This is not intended to be an exhaustive list of all responsibilities of the controller. These can result from numerous legal requirements, directives and regulations. Data protection must therefore be taken seriously. Audits are recommended from legal, administrative and technical point of view.