Why do you need a privacy policy on your website? The message is simple. if you are processing someone’s personal data, then they have a right to know about it. The change in data protection laws back in 2018 purely came into existence so individuals can have control and rights over their personal data.
Article 12 of the UK GDPR states that businesses need to provide all information relating to the processing of an individual’s personal data. Articles 13 and 14 of the UK GDPR further explain what they have the right to be informed about. This information is all relayed in your privacy policy. Remember, even if you do not have a website, you should still have a privacy policy if you are processing personal data within your business. Unless you have zero clients or zero suppliers, then you are processing personal data!
It is important to remember here that personal data includes names of anyone within an organisation. There is still a misunderstanding that a business email address would not be classed as personal data and this is wrong. Only those emails that are not personally identifiable to an individual are not protected, for example info@bebconsultancy.co.uk.
What is a Privacy Policy and Its Importance?
Before we discuss in depth why you need privacy policy on your website, let’s define what exactly it is. A privacy policy is a document found on your website (if you have one) that explains to all your users or customers how and why you collect their data, how you use that data, why you use it, and if you share it with third parties. It needs to comply with the UK General Data Protection Regulation (GDPR), which is now part of the Data Protection Act 2018. Your privacy policy also shows the people that interact with your website that you take data protection seriously within your business.
The ICO supports many small businesses with ensuring that they have the correct information within their privacy policy. It is not always necessary to instruct a professional to write it for you, providing you actually know what personal data you are processing and what legal basis you are relying on to process that data. Nevertheless, it goes without saying that you must ensure you’re doing exactly what you’re saying you’re doing within your privacy policy, and you understand your data protection obligations within your business.
For example, there are many privacy policy templates circulating the internet that state personal data is being processed and then list every legal basis for processing that data, which of course, may not be the case. Drafting your own can be effective. However, it’s always a good idea to have this checked by professionals.
If you don’t have a privacy policy when there is a legal requirement to have one, you will be breaching data protection laws. Without a privacy policy, website users are not aware of how their personal data is being used. Therefore, they would not be able to make informed decisions about whether to provide their personal data to your website or to you as a business.
In addition, if your business were to collect, use, or disclose personal data without a privacy policy in place, you could be subject to legal action. The penalty for not complying with the law can see you land an expensive fine and also damage your business reputation.
Let BEB Help
If you would like to ensure your privacy policy is up-to-date, we at BEB can offer you the expertise you need. Get in touch with us at 01604 217365 or info@bebconsultancy.co.uk.