Is Your Privacy Notice Adequate?

2 minute read.

To comply with UK regulations, companies need to have a valid, legal reason for collecting, processing and storing personal information.
This reason needs to be clearly communicated, along with the way a user’s personal information is stored and shared. Notices should be clear as to how a user can find out what information is stored by the company, and how to ask for it to be removed, both when a user submits the information and after that.
Most often, company websites promote this type of information in a privacy notice, often found at the bottom of the home page.
However, a recent study by the International Commissioner’s Office (ICO) found that UK websites are not forthcoming enough in their privacy notices to customers.
A review of 30 websites in the retail, banking, lending, travel and finance sectors across UK businesses showed that data protection and privacy notices were generally inadequate or at very least, too vague for customers to fully understand the data protection policies in place.
Generally, websites were good at explaining what data was being collected, but 26 websites failed to specify how and where data was stored.
26 websites also failed to clarify who data was shared with, whether internationally or with third parties. Three websites made no reference as to whether data would be shared with third parties at all.
Only six of the 30 websites referred to their data retention policies and 24 websites didn’t make it clear how a user would be able to find and delete their personal data.
For many businesses, this would cause problems with the ICO and may even lead to a fine, particularly when the General Data Protection Regulation comes into force in May, 2018.
Don’t be caught out. Check your privacy notices!
For more information on the GDPR, join our workshop on January 25th, 2018.

UPCOMING COURSES

Book a Course