You will no doubt have been made aware through the media of the new data protection regulations, known as the GDPR, that become effective as of 25th May 2018.
After two years in the making, many organisations have had GDPR-compliant practices and measures in place for some time now. Others will be wondering if they have done enough.
The Information Commissioner indicated that by this date she wants organisations to demonstrate that they are “on the journey” to compliance. An essential part of ensuring compliance with the GDPR is the privacy notice on your website. This notice tells website visitors how you collect, use and store their personal data.
The GDPR promotes a move away from privacy policies bogged down with legal jargon and a shift towards transparent notices, written in clear, plain language, that include more information about how your organisation processes personal data.
1. Clarify the data controller’s identity
If you are the data controller, include your full business and contact information online. If you have appointed someone in your organisation as a data protection officer, we would suggest that you include their contact details so any queries are directed to them.
2. Clarify what personal data is being collected
This includes, but is not limited to, identity data such as names and addresses, and contact information such as telephone numbers. Also, don’t forget technical data, which includes internet protocol (IP) addresses and other technology on the devices your clients use to access your website.
3. Clarify how personal data is being collected
This includes things such as when your customers apply for your products and services and when they create an account on your website. Ensure this is bespoke to your business and includes all methods of collection of personal data.
4. Clarify when personal data is shared
You must explain if a customer’s personal data may be disclosed to a third party and the purpose for this disclosure.
5. Ensure accessible and transparent display
If you haven’t done so already, we strongly suggest that you review your policies to ensure they are GDPR-compliant. If you are concerned about their contents or would like a new policy, please contact the Fraser Brown Commercial Team on 0115 9888 777.