It can seem like a daunting task but it doesn’t need to be. A big part of the new GDPR data laws is that data protection and data policies have to be easy to understand and accessible to all. This means your policy needs to be short, concise and easy to read, not wordy or complex. A 200 page policy that no one ever reads is not really acceptable any more but this is good news, because it means you don’t have to write a 200 word essay!
The following questions should be considered when writing a privacy notice:
- What information is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What will be the effect of this on the individuals concerned?
- Is the intended use likely to cause individuals to object or complain?
Here are some useful guides and toolkits
Documents to download
What do I do now?