Organizations should inform 'stakeholders' on the processing of personal information, with what goal data is processed, the amount of time data is stored, the people that have access to the data, which security measurements are taken, which rights a 'stakeholder' has, etc. This information is contained in a privacy statement and will be shared with all of the parties of which information is shared.