Important changes to your website privacy policy

Written by
Ben Rose

Updated 13th October 2016

On 7 October 2016, the Information Commissioner's Office (ICO) released a new code of practice (the Code) for privacy notices. The guidelines aim to improve transparency and fairness for individuals when organisations are collecting and using their personal data.

The Code highlights five key areas to consider when drafting new, or amending existing, privacy policies:

Content

Rather than using a privacy policy template, the ICO recommends developing bespoke wording relevant to both the data being collected and the intended audience. The Code encourages you to map out how the information is processed in your organisation, so as to provide sufficient detail to individuals on how their data will be used. The ICO believes that the process of creating a tailored policy can in itself lead to improvements in the way personal data is used, while encouraging businesses to align their privacy policies with their house style and approach.

The Code includes further guidance on obtaining and recording consent from individuals (where this is relevant) and some examples of good practice, including some standard wording for seeking consent for direct marketing, which has helpfully been tested on members of the public.

Control

Individuals should be given more control over the management of their personal data and how it will be used. The ICO advocates using a privacy dashboard, allowing users to indicate their agreement to particular types of data processing or sharing, and change these settings at any time.

Communication

How and when a business communicates its privacy notice is a core part of the Code. The ICO encourages businesses to be innovative and avoid using a single document when other methods of communication would be more effective. Clear and simple language should also be used whenever possible, although the Code acknowledges this isn't always easy when complex technologies and processes are involved.

Consultation

Before rolling out a new privacy policy, you should also seek the input of the intended audience to check that it's doing its job effectively. This helps you test: (i) whether individuals understand the policy; (ii) if it is clear and appropriate to the audience; and (iii) whether it contains any errors.


The Code also includes a privacy notice checklist with key points to help you draft these effectively.

Following this guidance will help you comply with the General Data Protection Regulation (GDPR), although bear in mind that, to fully comply, you also need to include the further information listed (in the GDPR section of the Code/Articles 13 and 14 of the GDPR). If you're wondering how this will be affected by Brexit, the ICO has said it is extremely likely that the GDPR will start to apply before Britain leaves the European Union and, in any case, you will need to comply to do business in the EU.

The ICO can currently award fines of up to £500,000 for failing to prevent a breach of the Data Protection Act 1998 (DPA). Under the new GDPR, coming into force in 2018, maximum fines will increase to €20m, or 4% of a company's global turnover.

Digital Risks provides insurance protection for defence costs and expenses as a result of a civil regulatory action, such as a breach of the DPA or GDPR, as well as the actual regulatory award, civil penalty or fine payable, to the extent that these are insurable by law.

Need further information? Then contact Edward Ventham.

