How do you make sure your privacy notice gets the job done, conveying privacy information in a concise, clear, easy-to-understand way? Read on for some useful tips!
Contents
Articles 13 and 14 of the UK GDPR set out the lists of information which must be provided to a data subject. The articles cover situations where personal data has been obtained directly from the data subject and obtained from a third party respectively. You need to make sure you include all the necessary information. Regulators often have their own guidance/requirements, so it is important to check this as well.
Format
Article 12 of UK GDPR requires that the privacy information must be provided to the data subject ‘in a concise, transparent, intelligible and easily accessible form, using clear and plain language’. The information can be in written or electronic form, or even provided orally if the data subject requests it. Although, it is good practice to use the same medium you use to collect personal data to deliver the privacy information.
You should take time to re-read what you have written and ask yourself – is this easy to understand? How could I make it clearer? Perhaps you could run it by a colleague to see what they think and if they have any questions.
Providing privacy information effectively
It is key to consider the context and audience for your notice, rather than adopting a one-size-fits-all approach. The ICO suggests a number of techniques which can be used to provide privacy information effectively, for example:
Layered approach: where short notices provide key information, and additional layers of detailed information are provided.
Just-in-time notices: these are notices displayed at a key point in a user journey to inform people about how their data will be used and allow them to manage this.
Dashboards: these provide individuals with information about how their data is used and give them the ability to manage this.
In the ICO’s view, a blended approach using these techniques is likely to be the most effective way to provide privacy information. If you are processing the personal data of vulnerable data subjects, such as children, you will need to give extra care to consider how to present the information in a way that they will understand it.
Keeping your privacy notice up to date
It is important to review your privacy notices regularly to check that they accurately reflect what you do with personal data and update them, if necessary. In particular, bear in mind any changes to your systems, new uses of personal data and complaints you have received about the way data has been used. Remember, if you plan to use personal data for a new purpose you will need to tell people about this before you do it.
Contact us
If you need help getting your privacy notices into shape, get in touch by emailing hello@hellodpo.com.