When collecting personal data—whether through forms, contracts, or apps—data protection regulations require us to inform individuals transparently. To achieve this, the General Data Protection Regulation (GDPR) introduces a layered information approach, making it easier for users to understand what happens to their data without being overwhelmed.
The layered model involves providing information on two levels:
First Layer:
This is the most essential information, presented briefly and directly at the exact moment data is collected.
It includes:
The goal is to ensure users don’t have to read endless legal paragraphs and can clearly decide whether to give their consent or not.
Second Layer:
This includes the full, detailed information required by the regulation.
It includes:
This second layer is usually hosted in the website’s privacy policy or in a document that is easily accessible.
Because it ensures transparency and respects the user’s autonomy. If we only provided full information in a long block of legal text, most people wouldn’t read or understand it.
Layered information helps users understand, builds trust, and is also a direct requirement of the GDPR (transparency principle, Article 12).
Using layered information is not just a legal formality—it’s a best practice that shows commitment to privacy and respect for individuals.
Remember: a clear and brief first layer, and a complete and accessible second layer. That way, your data processing will be transparent, lawful, and responsible.
Want to check if your information texts comply with the GDPR? At Lawwwing, we can help. Contact us!
