In detail
- How do we assess if we are being transparent?
- How often should we review our transparency information?
- Transparency checklist
How do we assess if we are being transparent?
You must assess and determine whether you are acting transparently under data protection law, based on your use of personal information and your transparency measures. After you have read this guidance, ask yourself the following questions when you are considering your level of transparency:
- Have your transparency communications increased the level of awareness and understanding of how you use personal information?
- Have you evaluated this in some way? You could use patient engagement processes (PPIE) to help you evaluate your transparency material.
- Have you identified transparency issues and made improvements in response?
- Beyond your privacy notice, what additional transparency material have you provided to people?
- How proactive have you been in providing transparency and privacy information directly to people?
How often should we review our transparency information?
You should continue to review and evaluate your transparency and privacy information at regular intervals (or at key milestones) to:
- check that it actually explains what you do with people’s personal data; and
- ensure that it remains accurate and up to date.
Transparency checklist
This checklist gives you practical steps to help you achieve compliance:
☐ Before we started developing our transparency information, we understood how we would use the information, identified a lawful basis and assessed the data protection risks.
☐ We have involved our DPO or those who are responsible for information governance when developing our transparency material.
☐ We know what privacy information we must provide within our privacy notice.
☐ We have thought about what additional information or material we can usefully provide to people to increase transparency.
☐ We have considered the potential harms associated with failing to provide adequate levels of transparency information.
☐ We have employed public engagement processes to develop and refine our transparency material.
☐ We have considered and implemented the most effective means to communicate our transparency information to people.
☐ We have determined what information is most important to people to include in the initial layers of our privacy and transparency information.
☐ We have allocated responsibility for delivering transparency where it is most effective.
☐ We will continue to review and evaluate our transparency measures regularly (again, using public engagement processes where appropriate).