Map of Europe
Digital marketing

Update your privacy policy now

We all know GDPR is the biggest overhaul in regulations governing personal data for decades. And to be fair, it was about time. Too many unscrupulous organisations were riding roughshod over the Data Protection act, buying and selling people’s details, and bombarding people with untargeted marketing messages.

GDPR will bring data protection regulation in line with how we use and process data now. There’s a bit to get your head around, but once you do, GDPR is pretty straightforward. If you collect and process people’s data, you have to make sure their privacy is respected, and protected.

The first and most necessary step is to update your Privacy Policy. GDPR includes a longer and more detailed list of information that must be provided in a Privacy Policy, than the Data Protection Act does. There are also some differences in what you are required to provide, depending on whether you are collecting the information directly from data subjects or from a third party.

Essentially your Privacy Policy should let the reader know:

  • who you are
  • what you are going to do with their information; and
  • who it will be shared with.

There’s loads of great advice out there about writing your Privacy Policy from the likes of the ICO(Information Comissioners Office) and the DMA. Both organisations advocate a layered approach to your Privacy Policy where the most important information is upfront and then there is a more detailed privacy policy underneath it.

Before you put fingers to keyboard you need to work out:

  • what information you hold that constitutes personal data;
  • what you do with the personal data you process;
  • what you actually need to carry out these processes – a privacy impact assessment can help you to answer this question;
  • whether you are collecting the information you need;
  • whether you are creating derived or inferred data about people, for example by profiling them; and
  • whether you will be likely to do other things with it in the future – this can be particularly important if you are undertaking large scale analysis of data, as in big data analytics.

Once you’re clear what personal data you hold and what you need to do with it (how you’ll process that data) you can write your Privacy Policy accordingly.

You’ll find a great example of a GDPR ready Privacy Policy over at the Royal Opera House.

Good luck!

If you would like more information about GDPR, or would like Flourish to help make sure your organisation is ready, get in touch with General Manager Ian Reeves. We’d be happy to help you out.