To comply with the fairness and transparency requirements of the UK GDPR, privacy notices are designed to provide those supplying personal data (data subjects) with appropriate information on how their personal data will be used.
As perhaps most information is gathered via the internet or otherwise electronically, privacy notices are typically found on organisations’ websites. They contain a plethora of detail on what information the organisation is collecting and the uses it will make of it. Articles 12 to 14 of the UK GDPR set out broad requirements for the information to be provided. There are some differences in the requirements depending on whether the organisation collecting the data is doing so directly from the individual or from another source, such as a bought-in database. Key information that must be provided includes:

| Information | What must be provided |
|---|---|
| The controller | The correct identity of the organisation collecting the information. |
| The purpose | The reasons why data is being used. |
| The legal basis for processing | The relevant legal grounds that must be stated for the processing to be lawful - there are a limited number of these. |
| Automated decision making and profiling | Data subjects must be informed if this will be taking place, and given meaningful information on the logic used and the consequences for the individual. |
| The recipients | The entities with which the data may be shared, if any. |
| International data transfers | Information on any transfers of the data outside of the UK, and the legal basis for this - there are a limited number of these. |
| Duration | The period the data will be retained or way of calculating this. |
| Consequences | Where a data subject has to provide data as a matter of law or as a contract requirement, they must be informed of the consequences of failure to provide such data. |
| Rights | Data subjects must be advised of their GDPR rights - such as their right to access their data and have it erased or rectified. |

For more information or advice on data protection compliance, please contact Beverley Flynn or another member of the commercial and technology team.