Ketan Mistry


Commercial Law

Are your website privacy policies GDPR compliant?


Your privacy policies and GDPR compliance


The upcoming General Data Protection Regulation (“GDPR”) will radically shake up the way that company privacy policies are drafted and presented. Importantly, there is a shift away from policies being bogged down with legal jargon towards policies that are concise and written in clear, plain language. We have provided below our top five tips to think about to ensure that your privacy policy is GDPR ready:

1.    Clarify the data controller’s identity

If you are the data controller, include your full business and contact information. Also, if you have appointed someone in your organisation as a data protection officer, we would suggest that you include their contact details so that any queries are directed to them.

2.   Clarify what personal data is being collected 

This includes, but is not limited to, identity data such as names and addresses, and contact information such as telephone numbers and email addresses. Also, don’t forget technical data, which includes internet protocol (IP) addresses and other technology on the devices your clients/customers use to access your website.

3.   Clarify how personal data is being collected

When your customers apply for your products and services, create an account on your website, or even request marketing, these are all examples of how you can conceivably collect personal data from them. Ensure this section is bespoke to your business and includes all methods of collecting personal data.

4.   Clarify when personal data is shared

You must explain if a customer’s personal data may be disclosed to a third party and the purpose for this disclosure.

5.   Ensure accessible and transparent display and presentation

The privacy policy should ideally be easily accessible on your website, not hidden away and difficult to find. If you do have a mobile app, you should include a link to your privacy policy on the app store.

As mentioned earlier, the language of the policy must be easily understandable to someone with no background in law. The format should be accessible, preferably with headings and bullet points so it can be read easily and is transparent.


Word to the wise

The GDPR is coming into force in less than one month now, so we strongly suggest, if you haven’t done so, that you review your policies now to ensure they are GDPR compliant. If you are concerned about their contents and would like them to be reviewed, or would like a new policy, the Fraser Brown Commercial Team would be happy to assist.


If you're interested in any of the topics raised in this article, or for further information, please contact Ketan Mistry. Alternatively, you can call to speak to one of the team on 0115 9888 777.


© 2018 Fraser Brown Solicitors. Authorised and regulated by the Solicitors Regulation Authority.