What are data-broker transparency requirements under GDPR?

• GDPR imposes specific obligations on data brokers and those who use their services.
• Data broker obligations:
• Right to be informed: Individuals must be told their data is being processed, by whom, and for what purpose
• Source disclosure: Data subjects can request where their data came from
• Lawful basis: Brokers need legal grounds for collecting and selling data
• Access rights: Individuals can request copies of data held about them
• Deletion rights: Individuals can request erasure under certain conditions
• Your obligations when using broker data:
• Inform recipients at first contact (or within 30 days) that you have their data
• Explain where you got it and why you're contacting them
• Provide privacy notice and contact details
• Respond to access and deletion requests
• Conduct your own lawful basis assessment

Practical implication: Simply buying data doesn't transfer compliance responsibility. You become a data controller with your own obligations. Due diligence on broker practices is essential, not optional.