Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice.
This is the amatis Privacy notice
In many situations where organisations obtain personal data as part of a simple transaction it should be straightforward to use the key recommendations in this code of practice to develop a clear and effective privacy notice.
However, in other situations it will not be effective to use a single document to inform individuals about what you do with personal data. The code uses the term ‘privacy notice’ to describe all the privacy information that you make available or provide to individuals when you collect information about them. This can encompass all the information you provide using the channels referred to in this code. This is why the ICO believes that it is good practice to develop a blended approach, using a number of techniques to present privacy information to individuals. Not all of these techniques will be useful for your specific requirements but they are all ways of presenting privacy information that we consider to be good practice. You can use the techniques that are recommended in whatever combination is most effective for you in order to present the required privacy information.
These techniques can also allow you to give individuals greater choice and control over how their personal data is used. This is a further element of best practice and demonstrates that you are using personal data fairly and transparently.
It is often argued that people’s expectations about personal data are changing. People are increasingly willing to share information on social media and to allow their data to be collected by mobile apps, and they are also unwilling to read lengthy privacy notices. These factors are sometimes used to support the view that they are relatively unconcerned that their data is being collected and processed. However, there is also evidence that people do have concerns about how organisations handle their data and want to retain some control over its further use. Therefore, it is still of paramount importance for organisations to be transparent about their processing and comply with the legal requirements to provide privacy information.
Moreover, many organisations embrace transparency as a means of building trust and confidence with their consumers and use it as a means of distinguishing themselves from their competitors.