Getting your website and data policies right

There are seven core data protection principles that a data compliant business should have in mind throughout their business from the very first contact. These include ensuring processing is ‘fair, lawful and transparent’. When it comes to a privacy policy or a cookies policy this is you opportunity to be transparent and clear with any processing you carry out.

What is a Privacy Policy? In short it is an external facing document where a company that handles data sets out to their customers, suppliers and other third parties how it collects, uses and stores data when those third parties use the website or go on to purchase goods or services from the company.

A good privacy policy, first and foremost, must accurately reflect the businesses own practices and how the business treats data. One of the biggest issues with an off the shelf privacy policy is that it isn’t tailored to your own business practices and as a result it is neither transparent nor accurate.

As well as accurately representing the business a compliant privacy policy should address what types of data, with examples, of the data which you may collect and process. Such a policy should also set out all of the ways in which you expect to collect data from, whether this is directly through the website, where a customer contacts you by telephone or a client gets in touch by email, if there are in person interactions or even if there are any third parties who may provide data.

Once you have set out how and what is collect it would then be best to set out what this collected data is used for. When putting privacy policies in place for our clients we ensure that the types of data collected are related to their actual uses.

If you work with additional third parties you should also disclose to your client and other third parties if there are any parties that you share this data with, such as a CRM system, and this is especially important where any third parties or servers are based outside of the UK.

Lastly a good privacy policy will also set out the rights that visitors of your website have in relation to their data. Examples of this are when they no longer wish to be marketed to then they have the right to object to this and you should always respect such a request, especially when it relates to marketing.

There are also additional requirements arising out of the GDPR that relate to cookies. Before the GDPR there was almost a free reign to use cookies however there is now a crackdown on cookies and a requirement that where a cookie is not strictly necessary that it can only be utilised when the user consents to this. It is more important than ever to therefore ensure your cookies processes are compliant and that you have a cookies policy or notice that sets out all cookies that your website is integrated with and what these do, for how long they are stored on the user’s computer and whether these are operated by a third party or not.

If you are unsure if your privacy policy is actually compliant with the law, or you don’t currently have one in place and want to ensure a bespoke, compliant and professionally drafted policy is in place then you should get in touch with us.

For an initial discussion regarding data protection and privacy policies please feel free to give me a call on 01273 447 071