UPDATING YOUR PRIVACY NOTICE
Before May 25th, one essential task you will need to perform is updating your Privacy Notice to articulate how your business is GDPR-compliant in its processing of personal data. There's some great information on the ICO's website about how to approach this, including How to write a privacy notice and What to include in your privacy notice.
To get you started, here's the checklist the ICO provides:
Decide what to include by working out:
What personal information you hold
What you do with it and what you are planning to do with it
What you actually need
Whether you are collecting the information you need
Whether you are creating new personal information; and
Whether there are multiple data controllers.
If you are relying on consent, you should:
Display it clearly and prominently
Ask individuals to positively opt-in
Give them sufficient information to make a choice
Explain the different ways you will use their information, if you have more than one purpose
Provide a clear and simple way for them to indicate they agree to different types of processing
Include a separate unticked opt-in box for direct marketing.
Also consider including:
The links between different types of data you collect and the purposes that you use each type of data for
The consequences of not providing information
What you are doing to ensure the security of personal information
Information about people’s right of access to their data
What you will not do with their data.
Give privacy information:
Consider a layered approach:
Icons and symbols
Actively give privacy information if:
You are collecting sensitive information
The intended use of the information is likely to be unexpected or objectionable
Providing personal information, or failing to do so, will have a significant effect on the individual
The information will be shared with another organisation in a way that individuals would not expect.
Write and present it effectively:
Use clear, straightforward language
Adopt a style that your audience will understand
Don’t assume that everybody has the same level of understanding as you
Avoid confusing terminology or legalistic language
Draw on research about features of effective privacy notices
Align to your house style
Align with your organisation’s values and principles
Be truthful. Don’t offer people choices that are counter-intuitive or misleading
Follow any specific sectoral rules;
Ensure all your notices are consistent and can be updated rapidly
Provide separate notices for different audiences.
Test and review
Before roll out:
Test your draft privacy notice with users;
Amend it if necessary.
After roll out:
Keep your privacy notice under review
Take account of any complaints about information handling
Update it as necessary to reflect any changes in your collection and use of personal data.
How Pearlfinders can help:
Following GDPR there will be a legal requirement for all companies to keep accurate data and go through regular minimisation processes. Pearlfinders includes details of over 50,000 decision-makers at the top 2,000 UK companies. All of these are updated on a 90-day rolling cycle, with all individuals being informed every quarter that their details are kept, to ensure full transparency. You can view our privacy notice here.
Pearlfinders provides reasons to connect with brands, making sure you’re only going to be processing data that’s relevant to your role.