Privacy notice

By Reina Legal

1 April 2020

Data protection and privacy laws across jurisdictions require that data fiduciaries or data controllers provide certain information to people whose information (personal data) they hold and use. A privacy notice is one way of providing this information.

Why?

It is legal requirement under the law, to ensure that individuals are informed.

When?

When an organisation obtains personal data of an individual.

Privacy notice vs privacy policy

Privacy notice is publicly accessible document for data subjects whereas privacy policy is an internal document that explains organisations obligations under privacy laws. One must not confuse amongst the two.

Checklist for privacy notice

  • Contact Details
    • Provide contact details of authorised personnel in the organisation
  • Process
    • Define the types of data you process
    • Explain purpose for processing
    • Inform the data subject prior to use of personal data for new purposes not communicated earlier.
    • Inform if the data is further shared to third party for processing
    • Data collected from other sources, including online profiles, sites, or other interactions
  • Rights
    • Clearly inform data subjects of their rights
    • Term for which such data obtained
  • Principles
    • Shall be clear and plain language
    • Backed by a formal policy document
    • Mention security and IT safeguards provided