Your privacy notices need to keep pace with your data processing practices. Regular reviews ensure you’re being proactive with your privacy notices – below are our thoughts on what to look for:
Processing – is your purpose and legal basis for processing personal data still relevant and accurate? If not, you might find yourself unable to lawfully use that personal data if your new practices are incompatible with your original purpose.
The data you collect – new behaviour tracking on your website, who’s opening what newsletter – if you’ve introduced new data collection practices that aren’t in your privacy notice, update your notices to reflect them (as well as any new categories of personal data you’re collecting).
Timescales – you must not keep personal data for longer than you need it. If you now need to hold personal data for longer than your privacy notice states, you’ll need to update it with a clear justification as to why this is now the case.
Contact details – ensure your business contact details are still accurate, along with those for your data protection officer if you have one (because your core activities include regular monitoring of individuals, for example).
We’ve got more for you to consider in our next privacy notice update. Later in this series we’ll be looking at audit routines, training, contracts and policies.
In the meantime, get in touch if you’d like our support to ensure you’re being proactive in your privacy practices.