Articles on: Frequently Asked Questions (FAQ)

Transparency requirements for the each law

The GDPR requires that you tell customers:

What your business does
How they can contact you
Why you are processing personal data
What types of data you collect and how long you will store it
Disclosure of where data is being shared

The US Compliance Laws requires that you tell customers:

What types of information you are collecting
For what purpose you are collecting data
Specifics of what is being collected
Disclosure of where data is being shared
Stating what categories of personal data are collected
Obtaining affirmative consent for sensitive data before collecting it
Providing an option for access and correct personal information.
Providing opt-out mechanisms
Providing data protection assessments
Honor deletion requests
Provide data breach notifications

The LGPD requires that you tell customers:

Explain that you collect personal data and specify what Information is being collected
Specify what are your reasons for collecting it
Inform people of their rights
Explain how they can contact you to exercise those rights

The PIPEDA requirements are that:

Organizations must state the purposes for data collection before or at the time of data collection
Organizations must customize a privacy policy to describe their organization’s data handling practices to comply with the PIPEDA openness requirement.
Organizations must honor users’ rights in accessing, reviewing, and correcting personal information.

The APPI main point for transparency is that:

Companies looking to become APPI-compliant must ensure that they have a privacy policy that stipulates the purpose of using the collected information. They must apply cybersecurity measures and physical safeguards that guarantee the security of the personal information they process.

Updated on: 12/01/2024

Was this article helpful?

Share your feedback


Thank you!