Article 5(1) of the GDPR sets out the six principles of the UK GDPR, stating that personal data must be processed:
- Lawfully, fairly, and in a transparent manner
- For specified, explicit, and legitimate purposes only
- In a manner that is adequate, relevant, and limited to what is necessary
- Accurately and, where required, kept up to date
- With storage limited to only as long as necessary
- In a way that protects it from unlawful or unauthorised processing, loss, damage, or destruction
Article 5(2) provides that controllers and processors must also show accountability when it comes to UK GDPR compliance.
This involves actions such as keeping precise records and implementing a ‘data protection by design and default’ methodology. This means carrying out data protection impact assessments in situations where the use of personal data could compromise the interests of data subjects.
- Your business’s name and contact details
- Your representative’s name and contact details
- For what purpose your business processes personal data
- The lawful basis for the processing, i.e.:
  - Contractual obligation
  - Legal obligation
  - Vital interest
  - Performance of a public task
  - Legitimate interest
- The categories of personal data your business obtains
- The recipients or categories of recipients of the personal data
- If personal data is transferred to any third countries or international organisations
- How long personal data is kept
- People's rights concerning the processing of their data
- The right to withdraw consent
- The right to complain to a supervisory authority
- Where the personal data was sourced from
- The details of whether people are under a statutory or contractual obligation to provide the personal data
- The details of the existence of automated decision-making, including profiling
Do customers read privacy policies?
People are becoming increasingly concerned with how technology companies and other businesses collect and use their data. Unfortunately, most people do not read privacy policies. However, the way you draft the policy and highlight its existence can encourage consumers to engage.
Get legal advice from LawBite
At LawBite, our data protection solicitors have a wealth of experience in discussing what is required in small business privacy policies and drafting bespoke documents that protect the interests of your customers, suppliers, partners and your organisation.
If you would like to speak to one of our team, you can book a free 15-minute consultation.