The requirement to provide individuals with concise, transparent and understandable information as to how their personal data will be processed is a key purpose of the General Data Protection Regulation (GDPR). A common way for organisations, or “data controllers”, to satisfy this requirement is to provide the relevant information to data subjects in the form of privacy notices.
What is a Privacy Notice?
A privacy notice sets out how an organisation will collect and process personal information about an individual. Some key points a privacy notice should contain are as follows:
- What data an organisation holds about an individual;
- How this data is collected;
- How the organisation intends to use the data; and
- For how long the data will be retained.
An effective, GDPR-compliant privacy notice will also demonstrate that organisations are using personal data fairly and transparently, by giving individuals a level of control over how their personal data is used. For example, by setting out an individual’s right to withdraw their consent to the collection, processing and transfer of their personal data and by informing them of the applicable legal basis for processing their data.
Types of Privacy Notice
There are various types of privacy notice which include:
Privacy notice for staff – Employers can use this notice to notify employees, workers and contractors about the personal data that the employer holds relating to them, how they can expect their personal data to be used and for what purposes
Candidate privacy notice – This notice can be used to notify job applicants how their personal data will be held by the organisation and for what purpose and when it will be deleted
External privacy notice – This notice can be used to notify customers and suppliers about what information will be collected, how it will be used, how it will be shared, how long it will be kept and what rights they have in relation to the data
Website privacy notice – This notice can be used to notify the organisation’s website visitors about how it collects, uses and stores personal data through use of its website and to provide goods and services.
If you require any advice in relation to the GDPR and data protection or if you would like to request a fixed fee quote for the preparation of your privacy notices, please contact Farleys Solicitors on 0845 287 0939, or contact us through our online contact form.
Download Your FREE GDPR Checklist
We have created this handy GDPR checklist to check where your business is now in terms of compliance.