GDPR Information to be Provided
Art. 13 and Art. 14 of the UK GDPR specify what information needs to be provided to individuals when their personal data is being processed. Art. 13 details the requirements where data has been collected directly from the data subject and should be provided in the form of a Privacy Notice.
The Regulation is very specific in the information provision requirements, making the format and content of a privacy notice straightforward. However, using a Privacy Notice Template means you will have consistency and structure to your notices. More importantly, a template ensures that any future privacy notices contain all the required information.
Privacy Notice Requirements
When an organisation is collecting personal data relating to a data subject, they are required to provide the below information at the time the data is collected: –
- The identity and the contact details of the controller (and if applicable, those of the controller’s representative).
- The contact details of the data protection officer (if applicable).
- The purposes of the processing for which the personal data are intended as well as the legal basis for the processing.
- Where the processing is necessary for the purposes of the legitimate interests, the interests pursued by the controller or by a third party.
- The recipients or categories of recipients of the personal data.
- Intent to transfer personal data to a third country or international organisation and the existence or absence of an adequacy regulation by the Secretary of State. Where applicable, reference to the appropriate or suitable safeguards and how a copy of them can be obtained.
- The period for which the personal data will be stored and/or the criteria used to determine that period.
- The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject.
- The right to object to processing.
- The right to data portability.
- Where the processing is based on consent, the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- The right to lodge a complaint with the Commissioner.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
- Whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data.
- The existence of any automated decision-making (including profiling) and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Example Headings for Privacy Notice
When drafting your Privacy Notice Template, you want to ensure that it is user friendly. That means using clear and consistent language and a simple format. Separating each of the Article requirements under different headings is a great way to differentiate the information.
The use of headings and sections is very effective for spacing out a lot of information and ensuring that those reading the notice understand what you are conveying.
Examples of headings that you can use are: –
Who We Are – the first requirement of Art. 13 is to provide individuals with the controllers name and contact details. Putting this information under the heading ‘who we are’ makes it clear and simple to understand.
How We Use Your Personal Data – if you simply put ‘The Legal Basis for Processing’, you are likely to confuse any individuals who are not fully conversant in the GDPR and their rights. Explaining how you intend to use their data is a more straightforward approach.
How Long We Keep Your Data – again, as with the above example, if you start talking about retention periods, you may end up confusing some of your readers. A simple heading like this one conveys exactly what you mean.
Privacy Notice Template
If you are looking for a ready to use Privacy Notice Template that can be fully cutomised, we have the perfect option for you. Our Privacy Notice Template pack comes with a standard notice, an employee privacy notice and a template register for recording notices.
Our Privacy Notice Template pack can be purchased alone for just £18 (exc vat) or comes as part of all of our GDPR Template Packs.