The General Data Protection Regulation (GDPR) requires organisations, processing personal data as controllers, to provide the individuals concerned with a privacy notice. This document must explain to the individuals how their personal information is processed.
Although it was already a requirement under the former legislation, the GDPR requires controllers to provide more detailed privacy notice whose content may differ slightly depending on whether or not the personal data have been collected directly from the individuals.