Individuals have the right to be informed about how their personal data is collected and used.
If businesses and organisations are transparent about how they manage personal data, then individuals retain control over how and when their personal information is used.
Articles 13 and 14 of the UK GDPR specify the types of information that organisations need to provide individuals with. This is known as ‘privacy information’.
Organisations need to provide privacy information to individuals at the time their data is collected. This is often in the form of a privacy notice or policy, especially if information is gathered through an online form. The privacy information should include contact information for your organisation, particularly for the Data Protection Officer.
The privacy notice should give clear, concise information on how long the data will be retained for, as well as providing individuals with the ability to withdraw consent and to make a complaint if that becomes necessary. If your organisation acquires data from a third party such as a marketing agency, then the source of the data must be explained to the individuals whose data you hold. Lastly, information on how the data is protected against misuse and unauthorised access is required.
Individuals need to be able to give informed consent when they provide personal data, which means understanding the purposes that the data will be used for, as well as those purposes that fall within the law. They also need to be clear about who else may have access to their personal information.
Providing the correct privacy information is an excellent way of building trust with clients, staff, and others whose personal data you gather.
Providing incorrect or inadequate privacy information can lead to fines and reputational damage.
While the list of requirements above may seem complex and difficult to comply with, in truth it is a straightforward process to build a privacy notice that protects both your organisation and the rights of those whose data you hold.
CSRB has a simple mission: to be clear and open about personal data protection, what your legal responsibilities are, and why you need to comply with the regulations. We will help you manage and protect data responsibly while taking the jargon and complexity out of the process.
Get in touch with us here or call 0117 325 0830 to learn more about how we can bring clarity to your personal data governance framework.