Is your business is operating on the internet do you have a website? Did you know that you are legally required to have a Privacy Notice?
While many companies are getting away with non-compliance, the issue of data management is coming into force bringing additional rights for individuals. This also brings an increasing likelihood that many businesses will fall foul of the Information Commissioner’s Office (ICO). Under the current legislation, Carphone Warehouse was recently fined £400,000, although lawyers suggest that this could have been as much as £423 million under the new legislation about to be introduced.
The imminent change means that if your business is caught out, the penalties could be severe or even debilitating. The General Data Protection Regulation (GDPR) will apply from 25 May 2018 and its widely recognised that many employers, especially small businesses, have yet to understand the complexity of how this will fundamentally change their business operations.
What the GDPR is really trying to do
The main principle is to give an individual ownership of their data, permitting who, how and when their data is processed. Clear and concise language should be used to inform Individuals, called “data subjects”, of their rights. This should be done using clear and concise language, and information that is easy to understand and free to access. It is not allowed for your businesses to hide your policies in small font or darkly shaded, at the bottom of your web pages. The details need to be transparent and not just to enable a user to click on them, but also that they are written in a way that makes them easy to understand, so no legal jargon.
What the ICO want, what they really really want….
The ICO wants to see the use of more interactivity in privacy notices too. Bringing privacy notices up-to-date using icons to show individuals rights and how data is handled, along with easily digestible videos. This will be particularly relevant for any websites directly aimed at children or known to appeal to under 16’s.
Another feature they expect to see businesses adopt is the use of layering. Menu options that accompany the Privacy Notice, giving live links to the finer details of a company’s policy. You may need to outsource this work, including the requirement to provide just-in-time notices which provide users with more choice and options for how and when their data is collected. We should expect to see more ‘pop-ups’ and tick boxes that don’t just assume consent.
Reviewing your Privacy Notice
If you’re interested in finding out more about how we can help support your business, please get in touch.
Blog by Samantha