Featured in JEP’s Expert Panel – 7th March 2018
Some important characteristics of privacy notices you need to aware of, are that they need to be (i) treated as a “live” document, reflecting the ever changing nature of your business regarding changes in your processing activities or identified purposes or lawful basis for processing various categories of data (ii) it must inform, in a very transparent way, the data subject as to what the scope and consequences of the processing entails for them individually.
A13 of GDPR outlines the information which must be in your privacy notice. Key features of your privacy notice should be that the information is ‘concise, transparent, intelligent and accessible’ to the data subject and to avoid information fatigue, it should be presented in a ‘layered’ format showing those elements which have the greatest impact on the data subject in the first layer, where appropriate.
From a practical perspective, firstly review your privacy notice to ensure key processing activities are noted, with a corresponding disclosure of the purpose and lawful basis upon which your organisation is using the data and then follow A13 requirements.