What must be done to comply with GDPR concerning personal data usage?

To comply with the General Data Protection Regulation (GDPR) concerning personal data usage, it is essential that individuals are informed about how their data will be used. This is rooted in the principle of transparency, which is a core requirement of GDPR. When organizations collect personal data, they must provide clear and accessible information to individuals about the purpose of data collection, the legal basis for processing, any potential data sharing, and individuals' rights regarding their data.

By informing individuals, organizations foster trust and ensure that users can make informed decisions about their personal information. This also aligns with the rights of individuals to understand how their data is utilized and empowers them to exercise their rights when it comes to personal data, including the right to access, rectify, or erase their data.

The other choices suggest practices that are not compliant with GDPR standards. For example, not informing individuals would violate the transparency obligation, while deleting all data immediately does not consider lawful processing. Processing data without consent neglects the principle of lawful processing, which often requires consent unless another legal basis applies.