How to get touch with us over the festive period

Our offices will be closed on 25 and 26 December, and 1 January with no access via telephone or email on these days. On 23, 24 and 27 December you will be able to reach us via telephone, email and our live chat but our offices will be closed to the public. All other dates we are open as usual. 

Complete the form below to ask us a question or make an enquiry. We’ll get back to you via phone or email as soon as possible.

Insights

Debunking Data Protection Part 2: Can I Use a Template Privacy Notice?

Posted on 05th September 2024 in Data Protection

Posted by

Jessica Whittick

Solicitor
Debunking Data Protection Part 2: Can I Use a Template Privacy Notice?

In this new series of insights, we debunk common data protection misconceptions and explain how Tozers can help your business comply with the regulatory framework.

“Downloading a template privacy notice means I am complying with data protection and GDPR”.

This is incorrect and could put your business in breach of data protection legislation.

Who needs a privacy notice?

Any business which holds personal data.

What is the purpose of the privacy notice?

In summary, it sets out:

1.    Your identity and contact details;

2.    Details of the data protection officer, where applicable;

3.    The type of personal data you are processing;

4.    Why you’re processing personal data;

5.    Your legal basis for processing;

6.    If you’re relying on the legal basis of consent for processing, how consent can be withdrawn;

7.    How long you are keeping data for;

8.    Who you will be sharing it with;

9.    Whether there will be any sharing of the data outside of the UK;

10. The period for which the data will be stored;

11. Data subjects’ rights, including how to make a complaint to the supervisory authority; and

12. Whether you undertake any automated decision-making, including profiling.

Is it a legal requirement?

Yes – providing privacy notices is a key requirement of the UK GDPR. Individuals have a right to know how you use their data before they give it to you and a privacy notice should be made available to them in advance. It is a legal requirement to display a privacy notice on your website if that's primarily the way your clients or customers discover your business.

As a processor of personal data you have the responsibility of complying with the law, however small you are. There are very few situations when one is not needed.

What happens if I don’t comply with the regulatory framework?

The ICO is the UK’s largest independent body set up to uphold information rights. It has various enforcement powers, for example:

1.    Issuing notices that require you to provide certain information.

2.    Issuing enforcement notices that require you to take, or refrain from taking particular steps or actions.

3.    Issuing monetary penalties if you contravene network and information systems up to a maximum of £17 million.

In April 2024 the IPO fined TikTok £12.7 million for several breaches, including failing to use children’s data lawfully. Accompanying the enforcement notice was a 58-page annex which considers the specific wording of TikTok’s privacy notices over two years and sets out why the ICO concluded that the wording did not meet the requirements of GDPR. Whilst many organisations may consider privacy notices a mere formality, the ICO take them seriously and not following the rules could cause significant financial and reputational risks for your business.

How can Tozers help me?

Every business responsible for using individuals’ personal data (which includes storing it) has to follow strict rules and lawyers play a crucial role in navigating the complex legal landscape surrounding personal data.

As well as helping you ensure you have an appropriate privacy notice in place Tozers’ expert data protection team can help you comply with the regulatory framework by:

·      Providing advice and guidance.

·      Discuss data protection impact assessments and technical and organisational measures to mitigate or manage the risks you identify with new systems.

·      Drafting data protection policies.

·      Providing training to staff.

·      If the worst happens, provide written representations to the ICO to dispute any penalty notice.

If you require advice, speak to one of our legal experts today in a no-obligation phone call. 

Contact our legal experts

Company & Industry

Related Insights

Insights

Police Force Issued with a £750,000 Penalty Notice by the ICO for an Unprecedented and Industrial Scale Data Breach

Posted on 09th October 2024 in Dispute Resolution, Data Protection

In a recent case involving the Information Commissioner’s Office (ICO) and the Chief Constable of Northern Ireland, the ICO issued a penalty notice due to non-compliance with UK GDPR obligations. The incident stemmed from a data breach that occurred during a Freedom of Information Act (FOIA) response. While FOIA requests are typically limited to public authorities, the lessons from this case are relevant to all businesses handling personal data. Read our latest insight for a breakdown of the key points.

Posted by

Jessica Whittick

Solicitor
Insights

Debunking Data Protection Part 2: Can I Use a Template Privacy Notice?

Posted on 05th September 2024 in Data Protection

In this new series of insights, we debunk common data protection misconceptions and explain how Tozers can help your business comply with the regulatory framework.

Posted by

Jessica Whittick

Solicitor