Have you ever wondered if or how you can create your own DIY privacy policy? Take a look as we uncover the what, where and why of a privacy policy and how you can put together your own without the need of a lawyer, and ensure GDPR compliance today!
1. What is a Privacy Policy?
Also commonly referred to as a ‘privacy notice’, ‘fair processing information’ or ‘privacy information’.
But what is it? All these terms refer to information that an organisation, as the data controller, presents to its data subjects (clients, employees, and customers) and covers the following key areas:
- Why the organisation needs people’s personal data,
- Where it came from and what the organisation plans to do with it,
- How long they are going to keep it for,
- If they are going to share that information with anyone else, and
- What rights the data subject have.
2. Where Can I Find One?
One of the easiest ways to find a privacy policy is in the footer of an organisation’s website landing page. Just have a look…, in fact, there should be one right at the bottom of this page! (Bottom-left if that helps… or here if you like a link!).
Privacy policies must be made freely available and easily accessible to those having their personal data collected (the data subjects).
3. Do I Need A Privacy Policy
If your organisation holds personal data, which, chances are it probably does, it will need a privacy notice/policy. Don’t forget your employees here, they share lots of personal data with you, some of it may be health related which is sensitive personal data.
There is a legal obligation under UK GDPR (Articles 13 & 14 to be precise) to provide privacy information, underpinned by the principle of Transparency which requires you to be open, clear and honest about how and why their data is used. The privacy policy is designed to reassure people that as an organisation, you have at least thought about how you will keep people’s personal data safe, if you’ll share it and what you’ll do with it when it’s no longer needed.
Two key things a privacy policy helps with:
- Builds trust with clients and customers.
- Demonstrates that your organisation takes data protection seriously, especially to the ICO (which, by the way, is a great resource on all things data privacy).
And all of this is the same for cookies too… but that’s another blog!
4. Do You Need to Pay a Lawyer to Write a Privacy Policy?
In short, no.
Why? For one, there is no legal requirement for a lawyer to have to write your privacy policy for you. The Information Commissioner’s Office (ICO) knows this and so has a raft of guidance and help available on their website.
The ICO’s SME web hub has a number of tools and tips including a ‘how to’ guide on making your own privacy notice.
Need Help?
If you get stuck, help is just at the other end of a phone or mouse click or two. If the ICO’s guidance doesn’t quite deliver the help you need, we at Risk Evolves have subject matter experts that can. If you’d like to know more, please just get in touch for a free no-obligation consultation.