RWD Client Area

Don’t Panic! Updating Privacy Notices for GDPR Compliance

Posted on: 17th May 2018GDPR Don't Panic

The General Data Protection Regulation finishing line of 25th May 2018 is staying steadfastly still while the present moment is hurtling selfishly down the racetrack towards it. Anyone who is aware of this deadline is minutely conscious of all the things that have to be done in this narrowing span of time. The latest item ticked off the list is updating our Privacy Notice and informing our clients that they need to refresh theirs as well.

Data Processing

The purpose of the Privacy Notice is to tell people exactly how you collect their data, what you do with it, who you share it with, how long you will keep it for and how they can reclaim it or request it be deleted. We don’t have a legal department, so we can’t write our clients’ Privacy Notices for them. The best we can do is offer up our own interpretation of a compliant Privacy Notice for them to use as a template and provide them with a list of all the ways that their website captures data.

Disinformation Commissioner’s Office

The Information Commissioner’s Office (ICO), who are responsible for enforcing the new regulation, have done very little help to organisations seeking to be compliant. In the course of our research, we found their labyrinthine website the very opposite of their instructions to others to be ‘clear and concise’. Their own Privacy Notice that we thought might serve as a template is due to be updated on the 25th May. Thanks – that’s really helpful.

Age of Consent

Most businesses with a website have been blithely collecting data from visitors and for the most part doing nothing with it. Some organisations have been using legitimately collected information (e.g. an email address collected so they can send you an e-receipt) for marketing purposes. This is slightly shady under current laws; once GDPR is enacted, it will be absolutely illegal to market to anyone who has not given clear consent for you to do so. No more pre-ticked boxes – consent must be obtained honestly.

Common Sense

The ICO have said they won’t be chasing down SMEs that aren’t fully compliant the second that the witching hour strikes on deadline day. Provided you can show that you are taking steps to have the correct procedures in place, you should be safe. A thorough Privacy Notice and informative Cookie Policy detailing how your organisation processes data is definitely one of those steps. A lot of the rest is common sense. Respect the personal data that you have. Store it securely. Only use it for the purpose that you told the data subject you were going to use it for when it was handed over. 

Stay up-to-date with the latest industry news by following us on Facebook and Twitter.