Date published: 10 April 2023 | by Sybil Mayard
Why You Need a Privacy Notice Now
Data protection experts frequently work with clients who share their customers' data without permission - are you one of them? If so, you probably don't have a privacy notice.
Last week, we asked our LinkedIn connections "What do you think is the most important factor to consider when creating a trustworthy website?" Worryingly, 0% of respondents voted for “Transparent privacy notice”. Frankly, we weren't surprised at this result, but if you don't believe that having a transparent privacy notice is important, you should be concerned.
A privacy notice is beneficial for both yourself and your customers:
- It helps you to be clear about what data you are processing, and why you are processing it,
- It informs your customers about how you use their data, building trust and helping them to make informed decisions when using your website.
It is also required by law, under the UK GDPR (General Data Protection Regulation).
When writing a privacy notice it may be helpful to ask yourself some questions. Here are a few to get you started:
WHICH data are you collecting?
Many types of customer data can be collected via a website, including name, address, telephone number, date of birth, credit card information and IP address. Ensure that your website does not collect more data than you require.
WHAT do you do with it?
If you are storing, using, transferring or sharing customer data, you must have a clearly defined purpose for processing it.
WHY are you processing this data?
The lawful bases for processing are consent, contract, legal obligation, vital interests, public task and legitimate interests. At least one of these must apply whenever you process customer data.
WHEN was the last time you reviewed your privacy policy?
Processes and policies change and evolve; review your privacy notice on a regular basis and display the latest version on your website.
HOW long do you retain this data for?
You need to define a retention period - this is the length of time you will keep customer data before deleting it. The dangers of over-retaining include unnecessary additional costs to your business, out-of-date and/or irrelevant data, and even customer complaints.
WHO are you sharing this data with?
Having the data in your possession doesn't mean that you own it. Be extremely cautious when sharing customer information with third parties - there can be serious consequences if you share data without a legitimate reason for doing so.
Creatively Manage Your Website's Compliance
We want to help raise business owners' awareness of the implications of not having a compliant website. If you need support with creating your privacy notice or managing your customers' data, we can help you.