Interest in Privacy Notices

What is a Privacy Notice?

“Privacy Notice” is the term we use to refer to the Information required to meet fair processing requirements in both the data protection act and GDPR. Before we obtain or process personal data a Privacy Notice must be provided to data subjects. Typically a Privacy Notice starts “how we use your personal data”.

Under GDPR there is significant mandatory information to include in privacy notices, describing the type of data held and the purposes and lawful bases for processing. It also includes information such as how long the information will be retained, whether it will be shared with other organisations and the security measures in place to safeguard personal data transferred to countries outside of the EEA.

Getting the privacy notice right is key to data protection compliance as it is the organisation’s authority to process any personal data obtained subsequently. The privacy notice is about keeping people informed as to why their personal data is required and how it will be used.

Transparency is key and privacy notices must be accessible, meaning age and audience appropriate. The ICO has promoted new and innovative approaches to providing privacy notice information. They have developed a “fingerprint family” which is free to use to help simplify data protection. The use of video was suggested as a means of getting messages across. I found a few videos which demonstrate how much more accessible information is when presented in this type of format. We hope they give you some ideas.

Adult but accepting that data protection may not be the most exciting topic

Easy jet https://www.youtube.com/watch?v=o199qdIdOso and ICO https://ico.org.uk/global/privacy-notice/

Generic hospital privacy notice https://www.youtube.com/watch?v=SkcOTkQSdpk

Children

NSPCC https://vimeo.com/296874063

Not a video but a serious attempt has been made to communicate with kids in the UCL Privacy Notice here https://www.ucl.ac.uk/legal-services/sites/legal-services/files/childrens_privacy_notice_under_13_v1.pdf and the same for Penguin books here https://www.penguin.co.uk/company/about-us/notices/children-s-privacy-notice.html

Mandy P Webster, Data Protection Consultant

About the Author: mandy.webster

Since June 1999 Mandy Webster has been a freelance consultant offering audit, advice and training on privacy, information security and e-commerce issues as Data Protection Consulting Limited. The company’s mission is to help clients from a variety of sectors, and of all sizes, comply with data protection law and to that end it offers a range of solutions. Mandy, a qualified lawyer, is author of ‘Data Protection for the HR Manager’ and ‘Data Protection in the Financial Services Industry’ published by Gower and “Effective Data Protection” and ‘The ICSA Data Protection Troubleshooter’ published by ICSA Publishing Limited. Mandy is a well-known writer, commentator and speaker on data protection.

Interest in Privacy Notices

What is a Privacy Notice?

Paying for data harvesting?

Top tips for managing CVs

Review of GDPR Right to be Informed

Article 30 records and Privacy Notices

Spanish bank fined six million euros for privacy policy failings

Interest in Privacy Notices