
GDPR Privacy Policies

You may note we have used the term 'Privacy Policies' and not 'Privacy Policy'. This is deliberate, as under GDPR there are two separate privacy policies which you are required to implement. We have explained these in more detail below:

GDPR Website Privacy Policy

Everyone (hopefully!) by now knows that under GDPR all websites which collect any form of personal data (even if that is restricted to something as simple as a 'contact us' form) need to have a website privacy policy.
It's not quite as simple as just having a policy though. There are also a number of things it must contain, for example, your organisation's contact details, the site visitor's rights under GDPR, who they can contact in case of a complaint and so on.
We offer two services to help here: either we can check your privacy policy for any errors or omissions and inform you of the changes you need to make, or we can provide you with a fully compliant GDPR privacy policy you can simply slot into your website.

GDPR Employee Privacy Policy

In our experience, this is the policy most likely to be missing, and yet it is one of the most important policies under GDPR.

Each of your employees must have a copy of their Employee Privacy Policy. For the purposes of GDPR, directors (exec or non-exec), trustees, volunteers, councillors, shareholders etc. are all regarded as employees. There should be two copies of the policy for each employee: one which they retain, and a second which they sign, date and return to you. You should then keep the signed and dated copy on their personnel file.

It is important to note that as of 25th May 2018, the Employee Privacy Policy can no longer be a few sentences in the employee's Contract of Employment; it MUST be a separate document.

We are able to provide you with model wording for an Employee Privacy Policy.

An important note for all privacy policies (both website and employee)

It is important that every time you update your privacy policy(ies) you ensure that they are clearly dated and also that you retain on file a copy of the previous privacy notices. The reason for this is that in the event of a data breach, or other issue which requires reference to your privacy policies, it is the privacy policy which was in effect at the date the breach/issue took place which is relevant and not the privacy policy which is in place now.