It is true that the GDPR establishes the right to information transparency among the rights of the interested party.
The controller is obliged to inform interested parties about fundamental aspects that affect the processing of their information, such as their identity, contact details, purposes of the processing, legitimate interests of the controller, period of data retention, and also about the “recipients” or “categories of recipients” of their personal data.
However, the LOPD already included the need to inform interested parties of the identity of the person responsible for the information and, therefore, it is not something new.
It is understandable that many professionals feel uncomfortable having to expose data that affects their identity, such as their name and surname, ID, address, etc., but we must consider that the spirit of the regulation is philippine area code to defend the interests of citizens so that we know which companies and professionals store our data. We have the right to do so and I believe that the interests of citizens must always prevail over those of companies.
We have to admit that, in digital environments, and especially in the blogging world, we are accustomed to opacity, to the lack of transparency, to using user and subscriber information without communicating anything about it to the owners of that information.
How many professionals operate under a nickname or trademark?
We don't even know where our information is stored, whether in Ethiopia, China or Timbuktu, let alone with whom it shares that information.
The GDPR gives citizens greater control over the information that concerns them and this forces all providers to develop clearer information policies and mechanisms to obtain permission for the information.
It also requires that this information be presented:
In clear and simple language.
In a concise, transparent, intelligible and easily accessible manner.
Finding a balance between conciseness and precision, avoiding circumlocutions, unnecessary explanations or confusing details.
Avoiding the abuse of unnecessary legal citations and ambiguous terms or terms that have little meaning for the recipients.
There is no need to use a first information layer in each form
Although it is not mandatory, the Agency recommends introducing it as a good practice for transparency and to avoid referring to legal texts.
To make compatible the increased demand for information introduced by the GDPR and the need for clarity, conciseness and understanding in the way it is presented, it is recommended to adopt information models by layers or levels.
In the guide on the duty to inform published by the Spanish Data Protection Agency , the recommendation to implement a layered information system is clearly stated.