• Laura May

Privacy policy - where to start?

Quite often I review websites and something which is often missing is the privacy policy. This is a really important document for businesses and needs to be published on your website so people can understand how you will protect their privacy and keep their data safe.

It is the law that you need to let people know why you're collecting data, how long you will keep it and who it will be shared with. As most websites collect data (contact forms, e-newsletter subscription forms, e-commerce sites etc.) you need to signpost website visitors to your privacy policy when they land on your site.

So, where do you start? Well, my advice is to check out the Information Commissioner's Office (ICO) website. It is the go-to authority for all data protection information in the UK. Here's a list of useful sections which are worth looking at as you begin drafting your privacy policy...

What is personal data?

The ICO outlines what personal data actually is and how it relates to the General Data Protection Regulation (GDPR).

Right to be informed

This section on the ICO website outlines what the 'Right to be informed' actually means for organisations and has a checklist of the information you need to provide to the public.

How to draft privacy information

This section outlines how you should approach drafting your privacy policy. It is useful when thinking about data processing within your organisation.

Assessment for small businesses and sole traders

The ICO have a self-assessment checklist that you can use to see how well you comply with data protection law. You just answer the questions and at the end the ICO provide useful resources and links to help you improve.

Pay your data protection fee

All businesses also have to pay a data protection fee to the ICO, unless you are exempt. Once you have done this your details will be published on the register of controllers and you will receive a certificate.

Once you have drafted your privacy policy, ask a legal professional to check it over to make sure everything is covered. I would also strongly recommend that you speak with a marketing professional to check that the policy takes into account the Privacy and Electronic Communications Regulations (PECR).

Good luck!


#privacypolicy #privacy #dataprotection #GDPR #PECR #ICO #privacyinformation #information #processing
