GDPR is here! Can you demonstrate that you comply? Find Out More
Skip to content

Privacy Notices

Privacy Notice Padlock

Is this a Privacy Notice????

Private Property

Well, it might be, but not in this country or in relation to data protection.

Hopefully by now, we all know that, under GDPR, when an organisation collects personal information from an individual, the controller (the organisation) shall at the time when the information is obtained, provide certain information regarding how they are going to process the personal data. This is a Privacy Notice, although it is often referred to as a privacy policy.

If personal data is obtained from a third party that does not negate the organisation’s responsibilities towards the individual and a Privacy Notice should still be provided, unless an exemption applies.

The purpose of the Privacy Notice is to provide information about how the individual’s personal information will be handled, including the legal basis for processing, who their information will be shared with (if anyone) and how long it will be retained. It will also explain the individual’s rights relating to the processing of the information.

A Privacy Notice should be concise, transparent, intelligible, use clear and plain language and be provided in an easily accessible form. Although, it can be provided verbally in some circumstances, it should be provided in writing, whenever possible, including electronic means.

If you have a ‘Contact Us’ page on your website or you obtain personal information through your website, then your Privacy Notice should be accessible through that means. However, in many cases, the Privacy Notice link on an organisation’s website directs the user to a Cookie Policy, not a Privacy Notice. These are not the same thing. Cookie Policies or, to use the correct terminology, Cookie Notices, are covered in a separate blog.