Updating Your Privacy Notice

Before May 25th, one essential task you will need to perform is updating your Privacy Notice to articulate how your business is GDPR-compliant in its processing of personal data. There's some great information on the ICO's website about how to approach this, including "How to write a privacy notice" and "What to include in your privacy notice".

To get you started, here's the checklist the ICO provides:

What?

Decide what to include by working out:

  • What personal information you hold
  • What you do with it and what you are planning to do with it
  • What you actually need
  • Whether you are collecting the information you need
  • Whether you are creating new personal information; and
  • Whether there are multiple data controllers.

If you are relying on consent, you should:

  • Display it clearly and prominently
  • Ask individuals to positively opt-in
  • Give them sufficient information to make a choice
  • Explain the different ways you will use their information, if you have more than one purpose
  • Provide a clear and simple way for them to indicate they agree to different types of processing
  • Include a separate unticked opt-in box for direct marketing.

Also consider including:

  • The links between different types of data you collect and the purposes that you use each type of data for
  • The consequences of not providing information
  • What you are doing to ensure the security of personal information
  • Information about people’s right of access to their data
  • What you will not do with their data.

Where?

Give privacy information:

  • Orally
  • In writing
  • Through signage
  • Electronically.

Consider a layered approach:

  • Just-in-time notices
  • Video
  • Icons and symbols
  • Privacy dashboards.

When?   

Actively give privacy information if:

  • You are collecting sensitive information
  • The intended use of the information is likely to be unexpected or objectionable
  • Providing personal information, or failing to do so, will have a significant effect on the individual
  • The information will be shared with another organisation in a way that individuals would not expect.

How?

   
Write and present it effectively:

  • Use clear, straightforward language
  • Adopt a style that your audience will understand
  • Don’t assume that everybody has the same level of understanding as you
  • Avoid confusing terminology or legalistic language
  • Draw on research about features of effective privacy notices
  • Align to your house style
  • Align with your organisation’s values and principles
  • Be truthful. Don’t offer people choices that are counter-intuitive or misleading
  • Follow any specific sectoral rules
  • Ensure all your notices are consistent and can be updated rapidly
  • Provide separate notices for different audiences.

Test and review
     
Before roll out:

  • Test your draft privacy notice with users
  • Amend it if necessary.

After roll out:

  • Keep your privacy notice under review
  • Take account of any complaints about information handling
  • Update it as necessary to reflect any changes in your collection and use of personal data. 

 

How Pearlfinders can help:-

Following GDPR, there will be a legal requirement for all companies to keep accurate data and go through regular minimisation processes. Pearlfinders includes details of over 50,000 decision-makers at the top 2,000 UK companies. All of these are updated on a 90-day rolling cycle, with all individuals being informed every quarter that their details are kept, to ensure full transparency. You can view our privacy notice here.

Pearlfinders provides reasons to connect with brands, making sure you’re only going to be processing data that’s relevant to your role.