GDPR in practice - Just-in-time notices

Marketers have a tough job under the GDPR – when collecting data and consent there is a long list of information to be provided to explain personal data will be used. But that information must be:

concise, transparent, intelligible and easily accessible; written in clear and plain language, particularly if addressed to a child; and free of charge.

The challenge of how to provide so much information and be concise, while also keeping the language simple is significant one. Ashleigh Wood of Communicator has written for Smart Insights, showing how layered privacy information can make it easy to give an overview and set expectations, with links which expand to give more detail when necessary.

Now the ICO have just released new code of practice on communicating privacy information to individuals. The code though is more than a list of who organisations need to do, but also gives advice and guidelines. The code advises the use of just-in-time notices to be that first layer of information. Just-in-time notices work by displaying a brief message when someone is about to enter information. These contextual messages are effective because they keep the screen clear and user-friendly, showing only the minimum information only when it’s needed. And to allow for layered privacy information, these just-in-time notices also allow linking to further, more detailed information where necessary.

The ICO privacy notice code of practice is a very useful document; I advise you read it from cover to cover, but just in time notices for your data collection forms is, in my opinion, an absolute must for you to consider.