Last week we shared our initial thoughts on how to ensure your privacy notices keep pace with your data processing practices. Below is pt.2 on what your privacy notices need to cover…
Sharing – if you need to share personal data with third parties, clearly explain why and what they’re going to do with the information (and how they’re going to keep it secure).
Transfer – post-Brexit the European Commission provided an adequacy decision meaning rules on transfers of personal data between the EU and UK are unchanged. That said, your privacy notice will still need to call out if you transfer data outside of the UK, where to, and the legal basis for the transfer.
Rights over data – clearly explain individuals’ rights in respect of the data you collect and how they can exercise them including access, deletion, correction, or withdrawal of consent.
Complaints – explain who to contact if individuals have any queries or concerns along with their right to contact the Information Commissioner’s Office (ICO) if they’re unsatisfied with your response.
Keep your privacy notice simple, straight-forward, and use real examples throughout to present the relevant detail in a user-friendly and meaningful way. Ensure to communicate whenever you’ve updated your privacy notice. If you need our support, get in touch.