How to Write a GDPR Privacy Notice

Posted on by Samantha Harrison

GDPR Information to be Provided

Square Secure Server ClipartGDPR Art. 13 & 14 specify what information needs to be provided to individuals when their personal data is being processed. The former Article refers to data collected directly from the subject and should be provided in a Privacy Notice.

The Regulation is very specific in the information provision requirements, making the format and content of a privacy notice straightforward. However, using a Privacy Notice Template means you will have consistency and structure to your notices. More importantly, a template ensures that any future privacy notices contain all the required information.

Privacy Notice Requirements

When an organisation is collecting personal data relating to a data subject, they are required to provide the below information at the time the data is collected: –

  • The identity and the contact details of the controller (and if applicable, those of the controller’s representative).
  • The contact details of the data protection officer (if applicable).
  • The purposes of the processing for which the personal data are intended as well as the legal basis for the processing.
  • Where the processing is necessary for the purposes of the legitimate interests, the interests pursued by the controller or by a third party.
  • The recipients or categories of recipients of the personal data.
  • Intent to transfer personal data to a third country or international organisation and the existence or absence of an adequacy regulation by the Secretary of State. Where applicable, reference to the appropriate or suitable safeguards and how a copy of them can be obtained.
  • The period for which the personal data will be stored and/or the criteria used to determine that period.
  • The right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject.
  • The right to object to processing.
  • The right to data portability.
  • Where the processing is based on consent, the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • The right to lodge a complaint with the Commissioner.
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
  • Whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data.
  • The existence of any automated decision-making (including profiling) and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Privacy Notice Example
Privacy Notice Example

Example Headings for Privacy Notice

When drafting your Privacy Notice Template, you want to ensure that it is user friendly. That means using clear and consistent language and a simple format. Separating each of the Article requirements under different headings is a great way to differentiate the information.

Privacy Notice TemplatesUse headings and seperate sections for a clear notice that is easy to read. Additionally, make effective use of spacing so your notice is easier to understand.

Examples of headings that you can use are: –

Who We Arethe first requirement of Art. 13 is to provide individuals with the controllers name and contact details. Putting this information under the heading ‘who we are’ makes it clear and simple to understand.

How We Use Your Personal Dataif you simply put ‘The Legal Basis for Processing’, you are likely to confuse any individuals who are not fully conversant in the GDPR and their rights. Explaining how you intend to use their data is a more straightforward approach.

How Long We Keep Your Data – again, as with the above example, if you start talking about retention periods, you may end up confusing some of your readers. A simple heading like this one conveys exactly what you mean.

Privacy Notice Template

Are you looking for a ready to use Privacy Notice Template that can be fully cutomised? Our pack includes notice templates for employees and individuals and and a privacy notice register.

Our Privacy Notice Template pack is £18 or comes as part of all of our GDPR Template Packs.

Samantha Harrison

Samantha Harrison is a Director at Know Your Compliance Limited, joining the company in 2018 and bringing a wealth of business management and policy development experience with her. She has run and managed her own businesses for more than 30 years and has been pivotal in developing one of the UK's leading portfolios of GDPR policy templates and checklists. Her knowledge and understanding of regulatory compliance and risk management has been invaluable in the company's growth and development.