EM Law | Commercial Lawyers in Central London
Privacy policy solicitors
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. Our privacy policy solicitors have been advising a good number of companies since then. The GDPR ushered in a number of changes to data protection, including new requirements for organisations to deal with.
What is a privacy policy?
A privacy policy is an internal document used by organisations to set out the principles and legal conditions that must be satisfied by staff when obtaining, handling, processing, transporting or storing personal data in the course of their operations and activities. Such a policy not only demonstrates how an organisation processes personal data – the privacy standards that it adheres to – but also makes employees aware of their data protection obligations. A privacy policy also describes the rights of individuals whose personal data is processed by the organisation.
Why do I need a privacy policy?
While there is no specific requirement to have a privacy policy in place, such a policy will help employers comply with the new accountability principle. Article 24(1) of the GDPR, for example, states that controllers must demonstrate that their data processing activities comply with the GDPR’s requirements. Having a privacy policy is one of the measures that organisations can take to ensure, and demonstrate, compliance.
How do I create a privacy policy?
A privacy standard should be stated as being non-contractual. This will allow an organisation to change and update the policy as the need arises without seeking the agreement of the entire workforce.
Although is not a requirement of the GDPR that employees sign a privacy standard, a signature may be useful as evidence that employees have been properly informed of their data collection and handling practices, including the rights of individuals whose personal data is processed by the organisation. An acknowledgement of receipt clause can therefore be added at the end of the policy.
A privacy policy should be tailored to each organisation, actively communicated to staff and monitored in practice. Although it is an internal document, many organisations are expected to disclose their privacy standards by potential clients, for example, when bidding for work. So it’s important that they are drafted correctly.
Our privacy policy solicitors can help you draft your policy or advise on GDPR and data protection. Please, contact Neil Williamson with any data protection questions you have.