GDPR Article 14 focuses on the principles of transparency in instances of data being collected indirectly – e.g. from a third party. In such circumstances, controllers need to provide information to data subjects at the point of collection, or immediately following.
Throughout the technical application, Article 14 broadly adheres to measures contained within Article 13, but with one major difference – an obligation to reveal where the data has been obtained from, and if it came from a ‘publicly available source’.
Another difference relates to the point at which the controller informs the subject that the data has been collected. Article 13 deals with direct collection – which necessitates immediate communication with the subject – whereas Article 14 (indirect collection) allows for a brief period of time before subjects are informed.
Information to be provided where personal data have not been obtained from the data subject
Organisations need to make the following information available following collection of the subject’s data:
In addition to the above information, organisations also need to provide:
This section references GDPR Articles 14 (1)(a), 14 (1)(b), 14 (1)(c), 14 (1)(d), 14 (1)(e), 14 (1)(f), 14 (2)(b), 14 (2)(e), 14 (2)(f), 14 (3)(a), 14 (3)(b), 14 (3)(c), 14 (4), 14 (5)(a), 14 (5)(b), 14 (5)(c), 14 (5)(d)
See ISO 27701 Clause 7.3.2 guidance within Article 13.
See ISO 27701 Clause 7.3.4 guidance within Article 13.
See ISO 27701 Clause 7.3.5 guidance within Article 13.
See ISO 27701 Clause 7.3.6 guidance within Article 13.
See ISO 27701 Clause 7.3.10 guidance within Article 13.
See ISO 27701 Clause 7.4.7 guidance within Article 13.
GDPR Article | ISO 27701 Clause | ISO 27701 Supporting Clauses |
---|---|---|
EU GDPR Articles 14 (1)(a) to (5)(d) | ISO 27701 7.3.2 | None |
EU GDPR Article 14 (2)(d) | ISO 27701 7.3.4 | None |
EU GDPR Article 14 (2)(c) | ISO 27701 7.3.5 | None |
EU GDPR Article 14 (2)(c) | ISO 27701 7.3.6 | ISO 27701 7.3.7 |
EU GDPR Article 14 (2)(g) | ISO 27701 7.3.10 | None |
EU GDPR Article 14 (2)(a) | ISO 27701 7.4.7 | None |
We provide an environment that’s been pre-built for you to describe and demonstrate your approach to protecting your European and UK customer data that fits seamlessly into your management system.
That’s why we’ve created a built-in risk bank and a range of other practical tools that’ll help with every part of the risk assessment and management process. Whatever privacy standards or regulation you’re working on, you’ll need to show how well you manage Data Subject Rights Requests (DRR). Our secure DRR space keeps it all in one place, supporting it with automated reporting and insight.
Find out more by booking a 30 minute demo.