External Policies - Heald Law

External Policies

Essential GDPR Policies

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998 as of May 25th, 2018. Two of the most widely discussed policies when it comes to GDPR compliance are:

  • Privacy Policy
  • Website Privacy Policy

Both the privacy policy and website privacy policy will be seen by people outside your organisation and should cover everything from how long you keep an individual’s data internally to how you use tracking cookies on your website. It is crucial that you complete a full audit of how all personal information is collected, how it is stored and how you will dispose of it. If you would like a copy of our GDPR Audit guide, you can download it here {link to download}.

Your responsibility

Once you understand how data enters and exits your business, you will need to create policies in which you explain to people how you process their personal data.  This information must be:

  • Concise, transparent, intelligible and easily accessible;
  • Written in clear and plain language, particularly if addressed to a child; and
  • Free of charge

Further information can be found on the ICO website.

Some changes to be aware of

It is important to understand that the GDPR requires a longer list of information in your privacy statements than the DPA did. This is why we suggest reviewing and updating your policies even if you believe they are already comprehensive. The GDPR also includes changes specific to how a data controller can process children’s data. If you process data for young people, you will need to ensure that you are aware of the changes relating to each age group.

For help creating or updating your policies, please contact Shital Odedra or David Dees on 01908 662277.