Privacy policy

Do you need help with a privacy policy? EM Law are experts in drafting and advising on privacy policies, otherwise known as privacy standards. Our lead data protection lawyer is Neil Williamson, who has extensive experience in advising clients on a wide range of data protection matters.

On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR ushered in a number of changes to data protection, including new requirements for organisations to deal with.

What is a privacy policy?

A privacy policy is an internal document used by organisations to set out the principles and legal conditions that must be satisfied by staff when obtaining, handling, processing, transporting or storing personal data in the course of their operations and activities. Such a policy not only demonstrates how an organisation processes personal data – the privacy standards that it adheres to – but also makes employees aware of their data protection obligations. A privacy policy also describes the rights of individuals whose personal data is processed by the organisation.

Why do I need a privacy policy?

While there is no specific requirement to have a privacy policy in place, such a policy will help employers comply with the new accountability principle. Article 24(1) of the GDPR, for example, states that controllers must demonstrate that their data processing activities comply with the GDPR’s requirements. Having a privacy policy is one of the measures that organisations can take to ensure, and demonstrate, compliance.

How do I create a privacy policy?

A privacy standard should be stated as being non-contractual. This will allow an organisation to change and update the policy as the need arises without seeking the agreement of the entire workforce.

Although it is not a requirement of the GDPR that employees sign a privacy standard, a signature may be useful as evidence that employees have been properly informed of their data collection and handling practices, including the rights of individuals whose personal data is processed by the organisation. An acknowledgement of receipt clause can therefore be added at the end of the policy.

A privacy policy should be tailored to each organisation, actively communicated to staff and monitored in practice. Although it is an internal document, many organisations are expected by potential clients to disclose their privacy standards, for example when bidding for work. So it's important that they are drafted correctly.

If you are looking for assistance with drafting your privacy policy, or want advice on GDPR and data protection more generally, contact Neil Williamson.
