Getting your website and data policies right

16 March 2021

There are seven core data protection principles that a data compliant business should have in mind throughout their business from the very first contact. These include ensuring processing is ‘fair, lawful and transparent’. When it comes to a privacy policy or a cookies policy this is you opportunity to be transparent and clear with any processing you carry out.

What is a Privacy Policy? In short it is an external facing document where a company that handles data sets out to their customers, suppliers and other third parties how it collects, uses and stores data when those third parties use the website or go on to purchase goods or services from the company.

A good privacy policy, first and foremost, must accurately reflect the businesses own practices and how the business treats data. One of the biggest issues with an off the shelf privacy policy is that it isn’t tailored to your own business practices and as a result it is neither transparent nor accurate.

As well as accurately representing the business a compliant privacy policy should address what types of data, with examples, of the data which you may collect and process. Such a policy should also set out all of the ways in which you expect to collect data from, whether this is directly through the website, where a customer contacts you by telephone or a client gets in touch by email, if there are in person interactions or even if there are any third parties who may provide data.

Once you have set out how and what is collect it would then be best to set out what this collected data is used for. When putting privacy policies in place for our clients we ensure that the types of data collected are related to their actual uses.

If you work with additional third parties you should also disclose to your client and other third parties if there are any parties that you share this data with, such as a CRM system, and this is especially important where any third parties or servers are based outside of the UK.

Lastly a good privacy policy will also set out the rights that visitors of your website have in relation to their data. Examples of this are when they no longer wish to be marketed to then they have the right to object to this and you should always respect such a request, especially when it relates to marketing.

There are also additional requirements arising out of the GDPR that relate to cookies. Before the GDPR there was almost a free reign to use cookies however there is now a crackdown on cookies and a requirement that where a cookie is not strictly necessary that it can only be utilised when the user consents to this. It is more important than ever to therefore ensure your cookies processes are compliant and that you have a cookies policy or notice that sets out all cookies that your website is integrated with and what these do, for how long they are stored on the user’s computer and whether these are operated by a third party or not.

If you are unsure if your privacy policy is actually compliant with the law, or you don’t currently have one in place and want to ensure a bespoke, compliant and professionally drafted policy is in place then you should get in touch with us.

For an initial discussion regarding data protection and privacy policies please feel free to give me a call on 01273 447 071

Related Stories


Why are Terms and Conditions so valuable?

When you’re running a business, whether it’s selling goods or providing services to consumers or businesses, it is often the case that the priorities rest with growth of the business and such growth is not associated with getting legal documents in place. Given the tumultuous times which we are living…


Don’t get caught out by the IR35 changes

Don’t get caught out by the IR35 changes The Off-payroll working rules, otherwise known as IR35 is not new legislation. It was introduced to address situations where individuals provided services to a business via a personal service company (PSC) and thus potentially mitigate or avoid any employee income tax and…


Why Register a Trade Mark?

A trade mark can be an important and valuable asset of your business and once registered will ensure your hard work and reputation are protected for years to come!  Registration of a trade mark is a proactive step towards not only protecting your business and brand but also adding value…


Court Rules Uber drivers are workers

The long awaited decision from the Supreme Court on whether Uber drivers are workers or self-employed individuals has been handed down in a decision which is likely to affect many gig economy businesses across the UK. It upheld the driver’s claim that they are workers and entitled to some employment…


Brexit and its direct effect on your business Trade Mark

On the 1st of January 2021 the UK will be leaving the European Union and with the possibility of a No-Deal Brexit, it is more important than ever to assess the impact that this may have. The focus of this post will be about the impacts this will have on…


Data Protection after Brexit?

Following the UK leaving the EU, the looming end of the transition period at the end of the year and the challenges that we have all faced this year with Covid-19 you would have been forgiven for not paying attention to the impacts that a No-Deal Brexit has in regards…


Employee or Worker? The decision is in for Uber

In the case of (1) Uber BV (2) Uber London Ltd (3) Uber Britannia Ltd v (1) Aslam (2) Farrar (3) Dawson and others, the Employment Tribunal and the Employment Appeal Tribunal (EAT) have all agreed that Uber taxi drivers are workers in relation to their employment status and not self employed contractors.

Check us out on social