Data Privacy Notice - Communicating with individuals

GDPR gives the data subject enhanced rights over their data; under GDPR you must offer transparency to the individual. For companies it means that targeted communication is essential.

A good starting point is to tell people (prospective customers)

  1. Who you are and what you do
  2. Why you need their information and what you are going to do with it
  3. Who will you be sharing it with

These three points are the basis of your privacy notice.

You can give more detailed information and indeed you should if you believe that not giving them further details will make the processing of their information unfair,  being fair and honest builds customer trust in your organisation.

First identify any GAPS in your data collection processing, address the GAPS, bearing in mind that you are now accountable for all of the data that you gather, store and process. Data privacy notices must be reviewed and ensure that they are fit for purpose and GDPR compliant.

You MUST keep individuals informed as to how you intend to use their data.

Your Privacy Notice must tell individuals that their data is being collected and the purpose it is going to be used for.

Before you gather and process an individual’s data you must tell them:

  • Your reasons for gathering their data
  • What you will be using it for
  • Who you will disclose it to
  • Where is data stored – are you going to transfer it outside of the UK or the EU?
  • How long you will retain the data
  • Will the data be used for automatic decision making?
  • That they have the right to complain
  • The legal basis for processing

Your Privacy notices must be written in clear, straight forward language that is easy to understand.