What To Include in a GDPR Privacy Notice
With GDPR enforcement just around the corner, businesses across Europe (and the world) are assessing the ways they collect data, and the privacy notices that sit alongside them.
We're sure you've already read about how GDPR will affect digital marketing, and heard about the importance of including privacy notices across your site. So now you know that you need them, we’re ready to delve deeper into what a privacy notice actually is…
What is a privacy notice?
A privacy notice helps people understand how their personal data is used and make informed decisions about whether to share their data on the back of this knowledge.
Simply put, you need to make sure you tell your website users (data subjects) how you are going to use their data before they give it to you.
Why you need to use privacy notices
GDPR is all about making the world of personal data processing fair and more transparent. Gone are the days of organisations being able to stand by the belief that they “earned” your data, so they can do what they like with it.
Personal data is owned by the individual, not the organisation it has been given to.
As the ICO says, “Being transparent by providing a privacy notice is an important part of fair processing. You can’t be fair if you are not being honest and open about who you are and what you are going to do with the personal data you collect.”
What you need to include in a privacy notice
Under the GDPR, the information you provide about how you process people’s personal data needs to be:
- Concise, transparent, intelligible and easily accessible
- Written in clear, plain language (especially if you’re addressing children)
- Available free of charge
When writing a privacy notice, be sure to address the following:
- What data are you collecting?
- Who is collecting the data?
- Will it be shared with any other organisation? Who? (Name them.)
- Why are you collecting this data?
- How will you use it?
- Can they opt out of you using their data later down the line?
What does a privacy notice look like?
Writing your privacy notice should be easy enough - but how should it be presented?
There are two ways to format a privacy notice that the ICO supports.
The first ICO-advocated approach to presenting your privacy notices is through layers.
Layers allow you to provide as much information as you need to in your privacy notice clearly and effectively, without taking up too much space.
Just-in-time notices
The second example from the ICO of how to display your privacy notice is through the use of a just-in-time notice.
When a user interacts with a data field, the information about how you will use that specific piece of data appears.
They can then decide if they want to continue, or they can follow a link to read more about how you process user data.
Updating your privacy notices to be in line with GDPR requirements doesn’t need to be as intimidating or complicated as it may initially seem - the focus is all on transparency.
Further information about privacy notices from the ICO can be found here: