Privacy Policy - GDPR Data Protection Policy | InfoLore Ltd

All websites should have a Privacy Policy, because it describes how you look after personal data. What many people don't realise is that the Privacy Policy was not introduced by the GDPR: telling individuals how their data is used has been a longstanding requirement*.

What should a Privacy Policy include?

A Privacy Policy tells individuals, including visitors to your website, how their personal data is used. Publishing one is a good way to ensure users understand what you are doing with their data.

The policy should be as short as possible and clear enough that people can fully understand it. As well as being accurate, it should be written in layman's terms, in plain and uncomplicated language.

Here is what a Privacy Policy must include:

  • Legal name, address and registered number (for a limited company)

Include your full legal entity name and, if it differs, your trading name.

  • The right to make a complaint to a supervisory authority

Users must be informed that they have the right to lodge a complaint with the supervisory authority (in the UK, the ICO) at any time.

  • That personal data is being collected

Detail the types of personal data you collect and where each comes from. Also check that every item is genuinely needed; do not collect data you cannot justify.

  • Explain why you are collecting the personal data

You need to explain why the personal data is needed – for example, to provide the user with the services they request.

  • Whether there are joint data controllers involved

You need to be clear about who else looks after, or has access to, users' personal data.

  • Whether the website is aimed at under-16s

If children are among your intended users, say so, and make sure the policy is written in language a child can understand.

  • How you will contact users based on the information they have provided – for example, via email, phone, text

You need to keep a record of how each user has agreed to be contacted.

  • Details of how users can opt out

You must clearly explain how users can opt out of communications, and how they can delete their account should they wish.

  • How you will inform users when the Privacy Policy is changed

Explain how users will be notified of changes, how they can view the current and previous versions, and whether they are expected to keep their own copy of the policy.

  • Be clear about retention

You need to specify how long you will hold the personal data (or, where a fixed period is not possible, the criteria used to decide), and your reasons for that time frame.

  • Legal rights

It must be clear to users what rights they have over their personal data, for example the right to ask what information you hold about them and to have it corrected or erased.

  • Security

You must keep users' personal data secure, and clearly outline the measures you take to protect it.

  • DPO contact

If you are required to have a data protection officer, you need to add in their contact details.

  • Third parties with whom you share the information

If you share the data with other parties, you must not only make this clear but also specify who they are.

  • International transfers

You also need to state whether the data will be transferred outside the EEA and, if so, to whom.

Summary

So, putting together a Privacy Policy isn't too onerous, and covering the points above will put you on the right track to GDPR compliance. Note also that your Privacy Policy must be easily accessible from your homepage and easy to find anywhere on your website.


InfoLore are available to offer support on your journey to GDPR Compliance. If you like our articles / blogs and would like to be kept up to date with GDPR and cyber security, please sign up to our newsletters. We promise not to send more than one a month, and only if we have sufficient information to impart.

*In 1995 the European Union (EU) introduced the Data Protection Directive (95/46/EC) for its member states, which already required individuals to be told how their personal data is used.