Probably you know the answer by now when you have read the previous section, but the answer is: Always when you are gathering personal data.
Examples of personal data
- Date of birth
- Home address
- Email address
- Phone number
- Passport number
- The IP address
It may also include data that may provide a valuation of a person’s natural person. Unsolicited disclosure of this data can limit someone’s ability to be completely themselves.
- Educational level
- Value of assets such as a house or car
- The purpose and legal basis of the processing. If the organization is claiming a legitimate interest, what interest is at stake
- The identity of the person who is responsible
- The (categories of) recipients of the personal data. Whether you intend to pass on your personal data outside the EU or an international organization and on what legal grounds
- The security level
- Contact details of the contact person
- To what extent is it mandatory to provide data?
- The retention period of the data
- Whether automated decision-making is used, including profiling, and how these decisions are made
- If the data have been obtained from another organization: the source from which the personal data originate and, if applicable, whether they originate from public sources.
The data subject’s rights, such as the right of access, rectification, and erasure