An integral part of your EU General Data Protection Regulation (GDPR) compliance project is producing appropriate documentation, which includes a privacy notice.
If you are just beginning your GDPR project, it is unlikely that you will be fully compliant by the time the Regulation is enforced on 25 May 2018.
However, in our recent blog, GDPR priorities in the lead-up to May, we suggested that your organisation should prioritise creating a privacy notice, and display this to data subjects wherever you capture data, to prove you are making an effort to comply.
How does a privacy notice differ from a data protection policy?
A privacy notice is a public statement of how your organisation applies data protection principles to processing data. It should be a clear and concise document that is accessible to individuals.
This piece of documentation differs from a data protection policy, which is an internal document that goes into detail about data protection objectives, responsibilities and how to handle violations.
Look at our blog, How to write a GDPR data protection policy, for more information on creating a data protection policy.
Privacy notice under the GDPR
Articles 12, 13 and 14 of the GDPR outline the requirements for giving privacy information to data subjects. These are more detailed and specific than those in the UK Data Protection Act 1998 (DPA).
The GDPR says that the information you provide must be:
- Concise, transparent, intelligible and easily accessible;
- Written in clear and plain language, particularly if addressed to a child; and
- Free of charge.
Help with creating a privacy notice template
The privacy notice should address the following to sufficiently inform the data subject:
- Who is collecting the data?
- What data is being collected?
- What is the legal basis for processing the data?
- Will the data be shared with any third parties?
- How will the information be used?
- How long will the data be stored for?
- What rights does the data subject have?
- How can the data subject raise a complaint?
Below is an example of a customisable privacy notice template, available from the market-leading EU GDPR Documentation Toolkit.
The EU GDPR Documentation Toolkit is designed and developed by expert GDPR practitioners, and has been used by thousands of organisations worldwide. It includes:
- A complete set of easy-to-use and customisable documentation templates, which will save you time and money and ensure GDPR compliance;
- Helpful dashboards and project tools to ensure complete GDPR coverage;
- Direction and guidance from expert GDPR practitioners; and
- Two licences for the GDPR Staff Awareness E-learning Course.