A privacy notice is a statement issued by a data controller which gives individuals (or “data subjects”) certain information including who the data controller is, what the data controller is going to do with their information; and who the information will be shared with. This is usually done through a privacy notice on the data controller’s website.
Now that the GDPR is in effect from May 2018, privacy notices need to contain even more information. For example, individuals must be told what the lawful basis for processing their data is (for example, whether they have given their consent, or whether the process is required by law or some other reason). The data controller also needs to explain how long the data will be held for. It should also be made clear that individuals can complain to the Information Commissioner’s Officer if they are concerned about how their data is treated.
As a result, many organisations need to change their current privacy notices, and we can advise on how best to do this.
