Privacy notices

EM Law are experts in drafting and advising on privacy notices. Our lead data protection lawyer is Neil Williamson, who has extensive experience in advising clients on a wide range of data protection matters.

On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR ushered in a number of changes to data protection, including new requirements that organisations must meet.

One of the new core requirements of the GDPR is to know and to document the personal data that an organisation uses, what it is used for, where it is stored, where it flows from and to, and how it is protected. If you are a data controller, this includes creating a privacy notice that informs data subjects of your corporate privacy policy.

What are privacy notices?

Under the GDPR, employers are required to provide employees and individuals with extensive information about the processing of their personal data. A privacy notice is key to satisfying this requirement and explains the categories of personal data an organisation collects and how the organisation uses, stores, discloses, and secures personal data. In addition, the notice should inform individuals of the applicable legal basis for processing their personal data.

Why do I need a privacy notice?

Articles 13 and 14 of the GDPR state that:
• When personal data is collected directly from data subjects, the controller must provide a privacy notice at the time of collection; and
• When you receive personal data from another source, the controller must provide a privacy notice within a reasonable period, and in any event within one month.

These obligations do not apply if the data subject already has the information, if providing this information is impossible or would involve a disproportionate effort, if you are obliged to obtain or disclose the data by law, or if the personal data must remain confidential, subject to an obligation of professional secrecy.

If employers fail to present their privacy notices in an appropriate manner, or do not include required information, they will be in breach of the GDPR and may be open to enforcement action by supervisory authorities such as the ICO. The most relevant enforcement actions in the context of a non-compliant privacy notice include compliance orders and financial penalties. Financial penalties can reach up to EUR 20,000,000 or 4% of global turnover, whichever is higher.

How do I create a privacy notice?

A GDPR-compliant privacy notice must include specific things in its content but does not need to be in any particular format. The notice can be rolled out electronically or can be given to employees and individuals in hard copy. Often, privacy notices are linked on a company’s website or in their email signature.

The privacy notice should be easily understandable to an individual with no background in privacy or in law. There should be no technical or legal language and the text of the notice should be broken up with sensible headers to identify the relevant sections.

Employers should prepare privacy notices for each stage of the recruitment process in order to accurately reflect how individuals’ personal data are processed throughout the employment lifecycle. The notice should refer, for example, to job applicants, as well as employees and contractors.

Privacy notices must be tailored on a case-by-case basis for each organisation. There is no one template that can be appropriate for all employers. Employers must ensure that each part of the notice accurately reflects actual or anticipated personal data collection and handling practices.

If you are looking for assistance with drafting your privacy notice, or want advice on GDPR more generally, contact Neil Williamson.
