GDPR Week #17 – What’s black & white and never read?
What’s black and white and never read? Your Privacy Statement, that’s what!
(or at least that has traditionally been the case – but things may now be changing)
As you’ll know, one of the key requirements of the GDPR and the new Data Protection Act is that organisations keep their prospects and customers (‘Data Subjects’, in legalese) informed. In fact, the first of the 8 Rights listed by the ICO is this one: the Right to be Informed.
An organisation’s Privacy Statement or Notice is typically the best way for it to explain how it will process data. Traditionally, from a customer experience perspective, Privacy Statements have been irrelevant. They’re lengthy (on average over 2,500 words – though iTunes’ peaked at 20,000 words in 2015) and no-one reads them. But in future people increasingly will. And if it’s not your prospects and customers reviewing your Privacy Statement, then rivals and a growing band of people looking to make a living out of challenging brands’ data privacy compliance will!
i. The Policy needs to explain all the ways in which you intend to process personal data. So, refer back to where you got to when you started to map how your organisation captures and uses personal data, which was the task in Week #11 (www.channeldoctors.co.uk/blog/41-the-gdpr-week-11-3-simple-questions)