GDPR in practice - Privacy Notices
01 Feb 2017
Under the GDPR we need to give more information than ever, explaining how we use and protect the data we collect. Making this task a little more challenging are new "fair processing" and "clear language" requirements, meaning that we must give that information in a way which is simple enough for the intended audience.
At first sight these are two contradictory requirements: how to give more information and more detailed information, while making that information easy to navigate and understand.
To help, I've got two great examples.
The Microsoft Privacy Statement has four elements which keep things simple:
1: “What’s new?” link
At the top of the page there is a notice saying when the privacy information was last updated, with a link to a page showing the changes. This means you don’t need to compare copies side by side (which nobody would ever wish to do!) to find the changes.
2: Topic Navigation
Along the side there is an easy-to-read and easy-to-navigate section menu to help you go straight to the section that you want.
3: Topic Introductory information
Each section contains an opening paragraph which explains the overall purpose and most important information.
4: Topic Learn More link
Each section contains a Learn More link which expands that particular section, giving the in-depth detail where and when it is wanted.
From a usability perspective, this structure is accessible and easy to use.
For full guidance on privacy notices you can read the ICO Privacy Notices code of practice.
For how-to guidance and a simple checklist to follow you can read the Communicator guide Privacy Notices and the GDPR.