What is a Privacy Notice?

“Privacy Notice” is the term we use to refer to the Information required to meet fair processing requirements in both the data protection act and GDPR.  Before we obtain or process personal data a Privacy Notice must be provided to data subjects.  Typically a Privacy Notice starts “how we use your personal data”.

Under GDPR there is significant mandatory information to include in privacy notices, describing the type of data held and the purposes and lawful bases for processing.  It also includes information such as how long the information will be retained, whether it will be shared with other organisations and the security measures in place to safeguard personal data transferred to countries outside of the EEA.

Getting the privacy notice right is key to data protection compliance as it is the organisation’s authority to process any personal data obtained subsequently.  The privacy notice is about keeping people informed as to why their personal data is required and how it will be used.

Transparency is key and privacy notices must be accessible, meaning age and audience appropriate.  The ICO has promoted new and innovative approaches to providing privacy notice information.  They have developed a “fingerprint family” which is free to use to help simplify data protection.  The use of video was suggested as a means of getting messages across.  I found a few videos which demonstrate how much more accessible information is when presented in this type of format.  We hope they give you some ideas.

Adult but accepting that data protection may not be the most exciting topic

Easy jet https://www.youtube.com/watch?v=o199qdIdOso and ICO https://ico.org.uk/global/privacy-notice/

Generic hospital privacy notice https://www.youtube.com/watch?v=SkcOTkQSdpk


NSPCC https://vimeo.com/296874063

Not a video but a serious attempt has been made to communicate with kids in the UCL Privacy Notice here https://www.ucl.ac.uk/legal-services/sites/legal-services/files/childrens_privacy_notice_under_13_v1.pdf and the same for Penguin books here https://www.penguin.co.uk/company/about-us/notices/children-s-privacy-notice.html

Mandy P Webster, Data Protection Consultant