£199.99 £139.99 for one year of Unlimited learning. Offer ends on 14 November 2022 at 23:59 (UTC). T&Cs apply

Find out more
Transparency and modalities
Skip main navigation

Transparency and modalities

There are transparency and modality requirements found in the GDPR. In this article, Evgeni Moyakine discusses these requirements.
Girl looking through shades
© University of Groningen

At this stage, we should discuss additional requirements introduced by the GDPR that must be taken into account by those engaged in the processing of personal data, such as companies, educational institutions and governments.

It needs to be mentioned that controllers need to take certain actions to ensure the rights of data subjects that will be discussed this week. These are the so-called transparency and modality requirements that can be found in Article 12 of the GDPR. By modalities, we mean different mechanisms that are used to facilitate the exercise of data subjects’ rights under the GDPR, such as those relating to different forms of information provision (in writing, spoken, electronically) and other actions to be taken when data subjects invoke their rights.


In the first place, measures must be taken by data controllers to provide any information or any communication relating to the processing to these individuals in a concise, transparent, intelligible and easily accessible form, using the language that is clear and plain. For instance, it should be done when personal data are collected from data subjects or when the latter exercise their rights, such as the right of access. This requirement of transparent information and communication is especially important when children are data subjects.


But how should this information be provided? It can be done in writing or by other means that include electronic means where it is appropriate. It is, however, also possible to provide the information orally, when it is requested by the data subject and when his or her identity is proven by other means, such as in writing or electronically.

This information and any actions associated with data subjects’ rights must be taken free of charge. In certain scenarios – when requests from data subject are clearly unfounded or excessive (specifically, when they have a repetitive character) – controllers may charge a reasonable fee or even refuse to act on the request.

© University of Groningen
This article is from the free online

Understanding the GDPR

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education