Ketan Mistry


Commercial Law

Are your website privacy policies GDPR compliant?



You will no doubt have been made aware through the media of the new data protection regulations, known as the GDPR, that become effective as of 25th May 2018.

After two years in the making, many organisations have had GDPR-compliant practices and measures in place for some time now. Others will be wondering if they have done enough.

The Information Commissioner indicated that by this date she wants organisations to demonstrate that they are “on the journey” to compliance. An essential part of ensuring compliance with the GDPR is the privacy notice on your website. This notice tells website visitors how you collect, use and store their personal data.

The GDPR promotes a move away from privacy policies bogged down with legal jargon and a shift towards transparency, written in clear, plain language and including more information about how your organisation processes personal data.

Below are our top five tips to help ensure that your privacy policy is GDPR ready:

1. Clarify the data controller’s identity

If you are the data controller, include your full business and contact information online. If you have appointed someone in your organisation as a data protection officer, we would suggest that you include their contact details so any queries are directed to them.

2. Clarify what personal data is being collected

This includes, but is not limited to, identity data such as names and addresses, and contact information such as telephone numbers. Also, don’t forget technical data, which includes internet protocol (IP) addresses and other technology on the devices your clients use to access your website.

3. Clarify how personal data is being collected

This includes things such as when your customers apply for your products and services and when they create an account on your website. Ensure this is bespoke to your business and includes all methods of collecting personal data.

4. Clarify when personal data is shared

You must explain if a customer’s personal data may be disclosed to a third party and the purpose for this disclosure.

5. Ensure accessible and transparent display

The privacy policy should ideally be easily accessible on your website, not hidden away. If you do have a mobile app, you should include a link to your privacy policy on the app store.

If you haven’t done so already, we strongly suggest that you review your policies to ensure they are GDPR compliant. If you are concerned about their contents or would like a new policy, please contact the Fraser Brown Commercial Team on 0115 9888 777.



© 2019 Fraser Brown Solicitors. Authorised and regulated by the Solicitors Regulation Authority.