Transparency requirements for the each law

The GDPR requires that you tell customers:

• What your business does
• How they can contact you
• Why you are processing personal data
• What types of data you collect and how long you will store it
• Disclosure of where data is being shared

The US Compliance Laws requires that you tell customers:

• What types of information you are collecting
• For what purpose you are collecting data
• Specifics of what is being collected
• Disclosure of where data is being shared
• Stating what categories of personal data are collected
• Obtaining affirmative consent for sensitive data before collecting it
• Providing an option for access and correct personal information.
• Providing opt-out mechanisms 
• Providing data protection assessments 
• Honor deletion requests
• Provide data breach notifications

The LGPD requires that you tell customers:

• Explain that you collect personal data and specify what Information is being collected
• Specify what are your reasons for collecting it
• Inform people of their rights
• Explain how they can contact you to exercise those rights

The PIPEDA requirements are that:

• Organizations must state the purposes for data collection before or at the time of data collection
• Organizations must customize a privacy policy to describe their organization’s data handling practices to comply with the PIPEDA openness requirement.
• Organizations must honor users’ rights in accessing, reviewing, and correcting personal information.

The APPI main point for transparency is that:

• Companies looking to become APPI-compliant must ensure that they have a privacy policy that stipulates the purpose of using the collected information. They must apply cybersecurity measures and physical safeguards that guarantee the security of the personal information they process.

Updated on: 12/01/2024