
How the “small print” is changing – Your Privacy Notice

Is your business operating on the internet? Do you have a website? Did you know that you are legally required to have a Privacy Notice?

While many companies are getting away with non-compliance, new data management rules are coming into force, bringing additional rights for individuals. This also brings an increasing likelihood that many businesses will fall foul of the Information Commissioner’s Office (ICO). Under the current legislation, Carphone Warehouse was recently fined £400,000, although lawyers suggest that this could have been as much as £423 million under the new legislation about to be introduced.

The imminent change means that if your business is caught out, the penalties could be severe or even debilitating. The General Data Protection Regulation (GDPR) will apply from 25 May 2018, and it’s widely recognised that many employers, especially small businesses, have yet to understand the complexity of how this will fundamentally change their business operations.

What the GDPR is really trying to do

The main principle is to give individuals ownership of their data, letting them decide who processes it, how and when. Individuals, called “data subjects”, should be informed of their rights in clear and concise language, with information that is easy to understand and free to access. Your business is not allowed to hide its policies in a small font or dark shading at the bottom of your web pages. The details need to be transparent: not only easy for a user to click through to, but also written in a way that makes them easy to understand, so no legal jargon.

What the ICO want, what they really really want….

The ICO wants to see more interactivity in privacy notices too: bringing them up to date with icons that show individuals’ rights and how data is handled, along with easily digestible videos. This will be particularly relevant for any websites directly aimed at children or known to appeal to under-16s.

Another feature they expect to see businesses adopt is layering: menu options that accompany the Privacy Notice, giving live links to the finer details of a company’s policy. You may need to outsource this work, including the requirement to provide just-in-time notices, which give users more choice and options for how and when their data is collected. We should expect to see more ‘pop-ups’ and tick boxes that don’t just assume consent.

Reviewing your Privacy Notice

If you already have a Privacy Policy, it’s likely that it will need revising. The ICO has identified that many existing policies are too generic and vague, and lack specific detail. If you’re a business without any policy, now’s the time to look at putting one in place. It won’t happen overnight and shouldn’t be a tick-box exercise. As you’d expect, it is possible to outsource the work, but be careful if you go down this avenue. You should choose a consultancy that’s competent at legal drafting, with full knowledge of the data protection landscape and backed by professional insurance.

If you’re interested in finding out more about how we can help support your business, please get in touch.

Blog by Samantha
