In order that people understand what happens when they hand over their personal information privacy notices have to appear ‘just in time’, that is, at the point the person is handing over information. And in keeping with the overall principles of the GDPR, notices should be honest and transparent.
If you’ve done a data map of what information you’re holding and where it’s come from you’ll be able to identify where those points are – and therefore where you need to add a privacy notice.
At VONNE we’re starting with our online communications. People give us their personal information in a number of ways, for example:
For each of those examples we need to write a short privacy notice ‘just in time’ and link to our full privacy notice. This ensures that anyone who hands over their information knows exactly what will happen to it.
What should a privacy notice look like?
A good privacy notice should be written clearly, using plain English and avoiding technical language or jargon.
Think about who is going to read it. If you’re talking to children, vulnerable individuals, or people whose first language isn’t English, you might need to break your notice down to make it easier to understand.
There are a number of things which have to be included in the privacy notice including:
- what lawful basis you are using to process the data;
- what you will be using the data for; and
- the right of the individual to access their data.
Next time: Data retention and lawful basis.