The GDPR requires you to inform data subjects of all recipients to whom you disclose their personal data.
According to the GDPR, a recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry (say, a tax authority) in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
The GDPR also states that a third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
In the GDPR compliance app, you will likely enter recipients in Data Mapping - if you have any data sharing agreements or if you process personal data on behalf of say, industry bodies (because it might be in the legitimate interest of the industry body). If data mapping is correctly setup, the correct content will flow through to your privacy notice templates.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018