SCF - PRI-02 - Data Privacy Notice
Mechanisms exist to:
- Make data privacy notice(s) available to individuals upon first interacting with an organization and subsequently as necessary;
- Ensure that data privacy notices are clear and easy-to-understand, expressing information about Personal Data (PD) processing in plain language that meet all legal obligations; and
- Define the scope of PD processing activities, including the geographic locations and third-party recipients that process the PD within the scope of the data privacy notice.
Mapped framework controls
GDPR
- Art 11.2
- Art 12.1
- Art 13.1
- Art 13.2
- Art 13.3
- Art 14.1
- Art 14.2
- Art 14.3
- Art 26.1
- Art 26.2
ISO 27002
SOC 2
Control questions
Does the organization:
- Make data privacy notice(s) available to individuals upon first interacting with an organization and subsequently as necessary;
- Ensure that data privacy notices are clear and easy-to-understand, expressing information about Personal Data (PD) processing in plain language that meet all legal obligations; and
- Define the scope of PD processing activities, including the geographic locations and third-party recipients that process the PD within the scope of the data privacy notice?