Communicating privacy information
I can do no better than quote directly from the Information Commissioner’s Office, the ICO, website page on this topic which is very helpful and clear,
“You should not necessarily restrict your privacy notice to a single document or page on your website. The term ‘privacy notice’ is often used as a shorthand term, but rather than seeing the task as delivering a single notice it is better to think of it as providing privacy information in a range of ways. All of the information you are giving people about how you are processing their data, taken together, constitutes the privacy information. More here
You can communicate:
- In writing
- through signage
As Mark Gracey says, “If you are at a trade show, for example, and you collect personal information, be clear what you will do with it.”
Some Useful Tools and Templates
These Steps to Compliance, on this sheet specifically page 6 are concise and useful – here
Key actions we recommend for small businesses looking to address their GDPR are:
- Awareness & Training – review ICO Preparing for GDPR 12 steps to take now here
- Audit – The key point is where is data stored, where did it come from (data flow). Remove redundant data.
- Privacy notices in practice – ICO guidance.
- A lawful basis to process personal information e.g. consent or for contracts – see here
- Procedures – record your processes similar to ISO or other procedures. If you area Microsoft user they have a portal for this: aka.ms/compliancemanager
- Appoint a person responsible for data protection – Data Protection Officer – DPO.
Make GDPR an Opportunity
I think it is an opportunity to get more business. You may groan…The point is that old data should be destroyed, so what is the problem? That will save you time and cost avoiding looking at redundant information. The data you have left in the form of contract information and marketing information should be used to get sales, so put it to use:
- Contact people with offers, don’t just ask for consent
- Find out if you have worthwhile data, if not you need more and better
- Or improve the relationship with a marketing:
- New services
- New products
These are just ideas…
If GPDR makes us all do more to improve our data, replace it or work better with it, that is good. The solution to dealing with your GDPR challenge is about context. A bit like when you climb a hill. The view you get varies every time you stop and look. Simply, locate and understand personal data in your business.
Peter Eales BA Hons Chartered Marketer FCIM FIDM
Founder Director Dorset Business Angels
MD o i solutions limited