The revised ICO Privacy Notices Code and GDPR

ICO Privacy notice code (4)

Earlier this month the Information Commissioner’s Office (ICO) published its revised Privacy Notices Code of Practice.

Under the Data Protection Act 1998 (DPA), a Data Controller should issue a privacy notice to Data Subjects whenever personal data is gathered from them. This should be done at the point of collection or as soon as reasonably practicable after that. The notice should (at the very least) include:

  • The identity of the Data Controller
  • The purpose, or purposes, for which the information will be processed
  • Any further information necessary, in the specific circumstances, to enable the processing in respect of the individual to be ‘fair’ (in accordance with the 1st DP Principle).

The ICO says that organisations need to do more to explain to service users what they are doing with personal personal data and why. The code includes examples of compliant notices as well as suggested formats for online notices, in apps and even a sample video privacy notice.

As we know the General Data Protection Regulation (GDPR) will be in force in May 2018 (and still relevant despite the Brexit vote). The GDPR specifies further detail to be included in privacy notices. It also requires notices to be issued even where personal data is received from a third party. The code briefly explains these new requirements including a useful table. The ICO says that by following the good practice recommendations in the code, organisations will be well placed to comply with the GDPR regime. Read Scott’s blog post on the new requirements here.

This code has been issued under section 51 of the DPA. The basic legal requirement is to comply with the DPA itself. Organisations may use alternative methods to meet the DPA’s requirements, but if they do nothing then they risk breaking the law. When considering whether or not the DPA has been breached the Information Commissioner can have due regard to the code.

The code includes a helpful checklist, covering key points and tips on how to write a notice.

Privacy Notices need to be regularly reviewed and updated to reflect any changes. The ICO is considering other practical ways of supporting organisations in achieving greater transparency such as the feasibility of a privacy notice generator!

Want to know more about privacy notices under GDPR?  Attend our full day GDPR workshop

GDPR Practitioner Certificate (GDPR.Cert) – A 4 day certificated course aimed at those undertaking the role of Data Protection Officer under GDPR whether in the public or the private sector.

About actnowtraining

Act Now Training Ltd specialise in information law. We have been providing training and consultancy services globally for over 15 years. We have an extensive GDPR course programme from live and recorded webinars, accredited foundation through to higher level certificate courses delivered throughout the country or at your premises. We pride ourselves on having well renowned experts in the fields of Data Protection, Freedom of Information, Surveillance Law and Information Management. All our experts have worked within the public and private sectors and have many years of experience of training and consulting in these areas. Our clients include central government, local authorities, multi-national corporations as well as other public and third sector bodies including schools. Please visit our website to see the range and testimonials of our satisfied clients.
This entry was posted in Data Protection, Data Sharing, EU DP Regulation, Privacy and tagged , , , . Bookmark the permalink.

4 Responses to The revised ICO Privacy Notices Code and GDPR

  1. Pingback: Data Sharing and the Digital Economy Bill | Blog Now

  2. Pingback: GDPR is here to stay but what happens next? | Blog Now

  3. Pingback: The Right to Data Portability under GDPR | Blog Now

  4. Pingback: GDPR: Updating Privacy Notices | Blog Now

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s