SMEs urged to check consent with privacy notice tool

Small organisations and sole traders are being urged to check they are compliant with data protection law after being offered a new tool by the Information Commissioner’s Office to create a bespoke privacy notice and protect people’s information rights.

Under UK GDPR, every organisation that holds people’s information needs to explain why it holds it and what it does with it, so customers, suppliers, staff and volunteers know what will happen to their personal data, although naturally not everyone knows this.

Organisations are obliged to provide this information through a privacy notice, which is displayed on their website or included in other communications, to ensure they are compliant.

However, to many companies these privacy notices are a huge headache, with many simply copying and pasting standards phrases online.

The ICO claims that, in just a few simple steps, the new privacy notice generator can create tailored privacy notices relevant to small organisations in a variety of sectors of the economy.

There are sections of the tool specific to the finance, insurance and legal sectors; education and childcare; health and social care and charity and voluntary sectors. There are also sections designed for other small organisations in sectors such as retail and manufacturing.

ICO head of business services Faye Spencer said: “We’re always looking for ways to make data protection compliance simple and stress-free for smaller organisations and start-ups, who tend to have less time and fewer resources.

“Our new privacy notice generator is a quick and easy solution that provides smaller organisations with the support they need, so they can concentrate on what they’re good at, serving the needs of their customers and growing their organisation.”

The tool offers two different types of privacy notice. One for customer and supplier information, which organisations can display on their website or external communications; the other for staff and volunteer information, for inclusion in welcome packs, policy libraries or other internal channels accessible to staff and volunteers.

Federation of Small Businesses (FSB) policy chair Tina McKenzie added: “We’re very pleased to have supported the development of this tool, which will allow small businesses to generate tailored privacy notices in far less time and with far less hassle and cost than previously, or to check the robustness of their current notice.

“Data protection is a vital component of consumer rights, reassuring customers that their personal information won’t be mistreated, and is something small firms are keen to get right. By reducing small businesses’ cost of compliance, and the associated stress, the ICO’s tool should be a big help.”

The move follows an ICO warning from as far back as 2017, that organisations should be far more open, honest and transparent in their online privacy notices or face the risk of enforcement action. At the time, a review of 30 UK websites by the ICO in the retail, banking and lending, and travel and finance price comparison sectors found that data protection and privacy notices were often inadequate.