We are currently consulting on this draft guidance.
In detail
How do we assess if we are being transparent?
Determining whether you are acting transparently under data protection law is an assessment that you must make based on the circumstances of your data use and your transparency measures. After you have read this guidance, ask yourself the following questions when you are considering your level of transparency:
- Have your transparency communications increased the level of awareness of how you use personal information?
- Have you evaluated this using patient or service user groups?
- Have you identified transparency issues and made improvements in response?
- Beyond your privacy notice, what additional transparency material have you provided to people?
- How proactive have you been in providing transparency and privacy information directly to people?
Transparency checklist
This checklist gives you practical steps to help you achieve compliance:
Must
☐ We understand how we will use the data, have identified a lawful basis and assessed the data protection risks.
☐ We have considered what privacy information we must provide within our privacy notice.
Should
☐ We have considered what additional information or material we can provide to people to increase transparency.
☐ We have considered the harms associated with failing to provide adequate levels of transparency information.
☐ We have determined what information is most important to our service users to include in the initial layers of our privacy and transparency information.
☐ We have involved our DPO in the development of our transparency material.
☐ We have considered the most effective means to communicate our transparency information to people.
☐ We have allocated responsibility to delivering transparency where it is most effective.
☐ We have employed public engagement processes to develop and refine our transparency material.
☐ We will continue to review and evaluate our transparency measures regularly (again using public engagement processes).