Skip to content
LegalVision UK

I Run a Graphic Design Company in England. Why Does My Business Need a Privacy Policy?

Avatar photo

By Thomas Sutherland

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

If you run a graphic design company in England, your business needs a privacy policy. Running a graphic design business involves obtaining and storing the personal information of past, potential and current clients, for example, contact information and email addresses. The UK’s data protection laws, such as the General Data Protection Regulation (GDPR) set out rules for handling personal information, which are legal requirements for your business. This article will explore the purpose of a privacy policy and critical information to include. 

Purpose of a Privacy Policy

A privacy policy is a legal document that informs individuals how your company will collect, store and use their personal data. If you run a graphic design company in England, your business needs a privacy policy. The GDPR requires all companies, including graphic design businesses, to have a privacy policy outlining how they handle personal data. A rigorous privacy policy promotes transparency and can reassure your clients that your business complies with its data protection obligations.

Given that the Information Commissioner’s Office (ICO) can fine companies up to £17.5m for breach of the GDPR, it is wise to comply with data protection rules.

Meaning of ‘Personal Data’

Personal data (‘personal details’ or ‘personally identifiable information) describes any information that can identify an individual. This is a very wide definition and can include any of the following data:

  • names;
  • postal addresses;
  • telephone or mobile numbers;
  • email addresses;
  • payment information; and
  • photographic data.
Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Key Information to Include 

Notably, it is not just the content of your privacy policy that is important, but also its wording. For example, the ICO will not look favourably on a privacy policy written in complex legal jargon, so the average individual cannot reasonably understand it. Indeed, a fundamental principle of our data protection law is that privacy documents are easy to understand.

The content of a privacy policy will largely depend on which pieces of information your business plans to collect and store and, also, whether you may disclose that information elsewhere.

However, most privacy policies are likely to mention some of the following:

  • what types of data your business plans to collect and store;
  • why your company intends to do so;
  • why your business believes it lawful to collect this data;
  • details of any third party who may receive personal data from your business;
  • contact information for any individual who wishes to contact your company to question the policy or your data collection methods;
  • the right of individuals to withdraw consent regarding data collection;
  • any estimates of likely storage periods for personal information;
  • whether your business stores its data on a hard drive, the cloud or both; and
  • the right to complain to the Information Commissioner’s Office.

Additionally, it is a myth that short privacy policies are insufficient. As long as your privacy policy contains all the relevant information, the length of the policy is not important.

Consequences of Using Free Online Templates 

Unfortunately, there is no single privacy policy that suits all businesses. As different businesses require tailored terms and conditions documents to suit the types of goods or services they offer, organisations should also have their own bespoke privacy policy. In worst-case scenarios, the ICO can even hold that an unsuitable privacy policy is a breach of the GDPR due to being inaccurate and inappropriate.

Many business owners cut corners by using free online templates, which are incompatible with their unique business services. Using free templates risks breaching the GDPR if they are unsuitable. As such, the mantra, ‘you get what you pay for’ is indeed true, making it vital that you ensure your privacy policy is comprehensive.

Key Takeaways

Companies have a legal obligation to provide a privacy policy that accurately describes how the business collects, stores, and deletes personal data and the purpose of doing so. Naturally, the types of information sought and the reasons why will vary widely between different companies, which helps explain why many business owners seek out bespoke privacy policies.

To comply with the ICO and GDPR, your privacy policy should be accessible and easy to find, such as on your website, and sufficiently detailed and easy to understand. 

If you need help with data protection law and putting an applicable privacy policy in place, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

When is my business expected to provide individuals with a copy of my privacy policy?

Your company should ensure users can access your privacy policy through your website. If the individual has not come through your website, you should inform them where to find a copy (usually by detailing how to find the appropriate webpage through their web browser).

Why does UK law protect certain information more than others?

The GDPR values personal data more highly than other pieces of data because you can use it to identify individuals. Personal data has a broad definition and can even include the IP address and usage data (including time spent and session cookies) of any individual using your website.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

4 Common Challenges Your Company Will Face With the GDPR in the UK

How Does GDPR Affect My Business?

Does My Business in England Need a CCTV Policy?

How Does My Company Obtain an ICO Certificate in the UK?

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards