Data Privacy Notice - Communicating with individuals
GDPR gives the data subject enhanced rights over their data; under GDPR you must offer transparency to the individual. For companies it means that targeted communication is essential.
A good starting point is to tell people (prospective customers)
- Who you are and what you do
- Why you need their information and what you are going to do with it
- Who will you be sharing it with
These three points are the basis of your privacy notice.
You can give more detailed information and indeed you should if you believe that not giving them further details will make the processing of their information unfair, being fair and honest builds customer trust in your organisation.
First identify any GAPS in your data collection processing, address the GAPS, bearing in mind that you are now accountable for all of the data that you gather, store and process. Data privacy notices must be reviewed and ensure that they are fit for purpose and GDPR compliant.
You MUST keep individuals informed as to how you intend to use their data.
Your Privacy Notice must tell individuals that their data is being collected and the purpose it is going to be used for.
Before you gather and process an individual’s data you must tell them:
- Your reasons for gathering their data
- What you will be using it for
- Who you will disclose it to
- Where is data stored – are you going to transfer it outside of the UK or the EU?
- How long you will retain the data
- Will the data be used for automatic decision making?
- That they have the right to complain
- The legal basis for processing
Your Privacy notices must be written in clear, straight forward language that is easy to understand.
- Privacy policies for Children
- Safe Harbor Certification
- The Importance of Safe Harbor Certification
- Privacy Breach
- NHS care.data delayed - updated
- CASL - Canadian Anti Spam Legislation
- Changes to Safe Harbor certification
- Facebook Instant Personalization
- Safe Harbor vs Binding Corporate Rules
- Safe Harbor 2.0
- GDPR - General Data Protection Regulation
- Difference between GDPR and ePrivacy regulation
- What are Standard Contractual Clauses?
- Privacy Shield Vs Standard Contractual Clauses
- Data Protection for the Social Housing Sector
- Does Working from Home Affect Data Protection?
- How Can I demonstrate that My Organisation is GDPR Compliant?
- To BREXIT and Beyond!
- GDPR - The Data Audit
- Preparing for GDPR
- Marketing and GDPR
- GDPR & International Organisations
- Processing Data Belonging to Children
- The Data Breach
- The Data Protection Officer
- DPIA - Data Protection Impact Assessment
- The Legal Basis for Processing
- GDPR is not just about DATA . . . its about PEOPLE and REPUTATION
- Privacy Rights of Individuals under GDPR
- Data Privacy Notice - Communicating with individuals