If you run a graphic design company in England, your business needs a privacy policy. Running a graphic design business involves obtaining and storing the personal information of past, potential and current clients, for example, contact information and email addresses. The UK’s data protection laws, such as the General Data Protection Regulation (GDPR), set out rules for handling personal information, which are legal requirements for your business. This article will explore the purpose of a privacy policy and critical information to include.
Purpose of a Privacy Policy
A privacy policy is a legal document that informs individuals how your company will collect, store and use their personal data. The GDPR requires all companies, including graphic design businesses, to have a privacy policy outlining how they handle personal data. A rigorous privacy policy promotes transparency and can reassure your clients that your business complies with its data protection obligations.
Meaning of ‘Personal Data’
Personal data (‘personal details’ or ‘personally identifiable information’) describes any information that can identify an individual. This is a very wide definition and can include any of the following data:
- names;
- postal addresses;
- telephone or mobile numbers;
- email addresses;
- payment information; and
- photographic data.
Key Information to Include
Notably, it is not just the content of your privacy policy that is important, but also its wording. For example, the ICO will not look favourably on a privacy policy written in such complex legal jargon that the average individual cannot reasonably understand it. Indeed, a fundamental principle of our data protection law is that privacy documents are easy to understand.
The content of a privacy policy will largely depend on which pieces of information your business plans to collect and store and, also, whether you may disclose that information elsewhere.
However, most privacy policies are likely to mention some of the following:
- what types of data your business plans to collect and store;
- why your company intends to do so;
- why your business believes it lawful to collect this data;
- details of any third party who may receive personal data from your business;
- contact information for any individual who wishes to contact your company to question the policy or your data collection methods;
- the right of individuals to withdraw consent regarding data collection;
- any estimates of likely storage periods for personal information;
- whether your business stores its data on a hard drive, the cloud or both; and
- the right to complain to the Information Commissioner’s Office.
Additionally, it is a myth that short privacy policies are insufficient. As long as your privacy policy contains all the relevant information, the length of the policy is not important.
Consequences of Using Free Online Templates
Unfortunately, there is no single privacy policy that suits all businesses. Just as different businesses require tailored terms and conditions documents to suit the types of goods or services they offer, organisations should also have their own bespoke privacy policy. In worst-case scenarios, the ICO can even hold that an unsuitable privacy policy is a breach of the GDPR due to being inaccurate and inappropriate.
Many business owners cut corners by using free online templates, which are incompatible with their unique business services. Using free templates risks breaching the GDPR if they are unsuitable. As such, the mantra ‘you get what you pay for’ is indeed true, making it vital that you ensure your privacy policy is comprehensive.
Key Takeaways
Companies have a legal obligation to provide a privacy policy that accurately describes how the business collects, stores, and deletes personal data and the purpose of doing so. Naturally, the types of information sought and the reasons why will vary widely between different companies, which helps explain why many business owners seek out bespoke privacy policies.
To comply with the ICO and GDPR, your privacy policy should be accessible and easy to find, such as on your website, and sufficiently detailed and easy to understand.
If you need help with data protection law and putting an applicable privacy policy in place, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
Your company should ensure users can access your privacy policy through your website. If the individual has not come through your website, you should inform them where to find a copy (usually by detailing how to find the appropriate webpage through their web browser).
The GDPR values personal data more highly than other pieces of data because you can use it to identify individuals. Personal data has a broad definition and can even include the IP address and usage data (including time spent and session cookies) of any individual using your website.