GDPR in practice - Privacy Notices

Under the GDPR we need to give more information than ever, explaining how we use and protect the data we collect. Making this task a little more challenging are new "fair processing" and "clear language" requirements, meaning that we must give that information in a way which is simple enough for the intended audience.

At first sight these are two contradictory requirements: how to give more information and more detailed information, while making that information easy to navigate and understand.

To help, I've got two great examples.

The Microsoft Privacy Statement has four elements which keep things simple:

1: “What’s new?” link
At the top of the page there is a notice saying when the privacy information was last updated, with a link to a page showing the changes. This means you don't need to compare side-by-side copies (which nobody would ever wish to do!) to try and find the changes.

2: Topic Navigation
Along the side there is an easy-to-read and easy-to-navigate section menu to help you go straight to the section that you want.

3: Topic Introductory information
Each section contains an opening paragraph which explains the overall purpose and the most important information.

4: Topic Learn More link
Each section contains a Learn More link which expands that particular section, giving the in-depth detail where and when it is wanted.

From a usability perspective, this structure is accessible and easy to use.

The Zapier privacy policy takes a different approach, which I really like. It simply uses a two-column layout with a Plain-English version of each section! It’s not quite as easy to navigate as the Microsoft one, but is the best I’ve found to date in terms of telling people what they do and why. Genius!
