Transparency principle
The first GDPR processing principle is that personal data must be processed lawfully, fairly and in a transparent manner. Transparency means being open and honest about how personal data are used, so data subjects know their data are processed and are aware of their rights, the risks, the rules and the safeguards. It is delivered mainly by fair processing information and is tightly linked to fairness, to valid consent (which must be informed) and to the legitimate interests basis.
Under GDPR Article 5(1)(a), personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject. Transparency is not an isolated rule; it runs through several other principles. The GDPR states that the principles of fair and transparent processing require the data subject to be informed of the existence of the processing operation and its purposes.
Transparency underpins (1) fairness - no/incomplete information likely makes processing unfair; (2) valid consent - consent must be informed, so the data subject must at least know the controller's identity and the purposes; and (3) legitimate interests - clear information helps show the data subject could reasonably expect the processing.
The Directive expressly linked transparency to fairness, and the GDPR retains that link. The Directive also required controllers to notify their processing to the supervisory authority; the GDPR abolishes this general notification requirement because it created administrative burden without always improving protection, replacing it with measures focused on high-risk processing.