Table of Contents
The principle of transparency is essential under the UK GDPR rules. If you act as a data controller, you must provide transparent information to individuals from whom you collect personal data.
Personal data means any data related to a living individual who can be identified directly or indirectly from it. For example, personal data includes:
- email addresses; and
- photographs of individuals.
This factsheet sets out how your business can become GDPR compliant.
- a complete list of all of the types of personal data you collect, such as names, email addresses, telephone numbers, and dates of birth;
- the reasons for which you will use personal data, such as to perform a contract you have with a data subject;
- details about how you secure personal data;
- information about whom you share personal data with and whether you transfer personal data to any countries located outside of the United Kingdom; and
- information about data subject rights.
Why Do Businesses Need to Update Their Privacy Policies?
You need to provide individuals with a range of information when you collect personal data from them. You must also inform individuals if there are any changes to the information you initially provided.
If you intend to use a data subject’s information for different purposes, for example, you must inform them before you carry out further processing activities.
You need to provide this information clearly and transparently. This means you need to update any relevant privacy policies. You must also notify affected data subjects about the changes made to ensure they are fully informed.Continue reading this article below the form
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
When Should Businesses Update Their Privacy Policies?
You should regularly review your privacy policies to check whether the information in them is accurate and up to date. It is a good idea to set specific times to review your privacy policies, for example, every few months and at least annually.
You may also need to update your privacy policies if there is a change in law. For example, there have been various changes in international data transfer laws after Brexit. Privacy policies need to be updated to reflect these changes.
Here are some examples of the stages at which you may need to review and update your privacy policies:
|Collecting New Types of Personal Data
|Changing the Way You Process Personal Data
|If you change how you use personal data, you must update your privacy policies accordingly. For example, you may begin to work with new suppliers with whom you will share personal data.
Alternatively, you might engage a supplier located outside the United Kingdom. In this case, you must update your privacy policies to reflect that you work with new data sub-processors and that you transfer personal data to countries located outside of the United Kingdom.
|Changing the Purposes for Which You Use Personal Data
|If you need to use an individual’s personal data for a new purpose, you must tell them before doing so. For example, if you collected personal data from a customer simply to deliver their order but now want to use their data for other reasons. You must update your privacy policies to reflect the new purposes for using personal data.
You should explain when your new privacy policies will come into force and provide contact details of whom individuals can reach out to with any questions.
If you need help reviewing or updating your privacy policies, our experienced privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
We appreciate your feedback – your submission has been successfully received.