Brand owners are being warned that it is no longer enough to stick a privacy notice on their website and forget all about it; the information needs to be regularly reviewed and updated or enforcement action could follow.
That is the clear message from the Information Commissioner’s Office, which has just launched the first piece of guidance to explain how companies can comply with both the existing Data Protection Act and the EU’s General Data Protection Regulation (GDPR). EU countries must comply with the GDPR May 25 2018.
The new code of practice sets out how organisations should explain to people how they are using their personal information.
ICO head of policy delivery Jo Pedder said: “Organisations need to do more to explain to consumers what they’re doing with their information and why. It’s important to remember that reputation can be easily lost when people discover you haven’t been completely honest about how you are using their information.
“A clear and effective privacy notice is one way to do it. That doesn’t necessarily mean a single document to inform individuals about what you do with personal data. We’re talking here about all the privacy information that you make available or provide to individuals when information about them is collected. In most cases, a blended approach, using a number of techniques to present privacy information to individuals will be the most effective at engaging them.”
“Whatever approaches you select, it’s your job to embed transparency and invest in innovative ways of telling people what you’re doing with their data. This best practice demonstrates that you are using personal data fairly and transparently. Where individuals have a choice about how their personal data is used, you need to make it easy for them to express their preferences and retain control of their information.”
Related stories
ICO commits to data law overhaul despite Brexit win
Third of businesses still feel unprepared for GDPR
7,000 data protection officers needed for UK firms
Marketers clueless about Brexit impact on data laws
Data compensation claims ‘could run into millions’
EU sets May 25 2018 as GDPR implementation date
Industry on alert as EU reviews online privacy laws
Data consent ruling rocks industry
ICO evidence exposes mass abuse of the TPS rules
1,000 firms probed as ICO goes to war on rogue data
EU reforms put £300bn digital market in jeopardy
EU data reforms: the top 5 issues for marketers