Based in the heart of the National Forest, we're able to serve businesses around the country.
Those of us who recall the heady days of the first dot-com bubble, will remember an internet before privacy was invented as we experience it today. Spam was a huge problem back then, seen as a marketing opportunity and seized upon by many startups. In recent years, the EU's answer to protecting private citizens was to introduce the GDPR (adopted into UK law), with requirements for every business and website.
One of those requirements is a privacy notice! Sometimes called 'privacy information', or a 'privacy policy', you'll need one if your company holds personal data, which pretty much all businesses do. We're grateful when our clients come to us with the request to write their privacy notice... However, it's a service we don't offer - it's nothing personal, here's why (and a pointer to possible help).
It's a Specialist Area (not our area)
The truth is, writing an accurate privacy notice requires a knowledge of your business - not just the website only, but your day-to-day operations, and how to reference your activity against privacy regulations. In the process of writing a privacy notice you may discover obligations you're not yet fulfilling and then need to make decisions about how your business is going to do that. It's a useful exercise in that regard, but it's not something for our marketing agency to get into on behalf of others. Policy writing as a service (as legal advice - which it would be) just isn't our bag. We don't pretend to be experts in privacy regulations, we just politely point you to those who might be able to help.
Sorting Out Your Privacy Notice
Not to throw the baby out with the bathwater, we don't ignore the need for privacy notices that should be included on websites, we request the relevant privacy notice our clients have in place, so we can add it to their website. Occasionally, however, a client may not be prepared for our request (that's when we get asked if we can do them - sorry). In this instance there are a few options business owners may wish to look at.
Third Party Services for Policy Documents
There are a number of businesses offering template Privacy Policies under various terms, here’s three examples, we've not used any of them, but if you take a look you'll get the idea:
- https://www.lawbite.co.uk/resources/blog/do-i-need-a-privacy-policy-on-my-website-uk
- https://www.rocketlawyer.com/gb/en/sem/privacy-policy
- https://www.lawdepot.co.uk/contracts/website-privacy-policy/
We can't say whether a particular service or template will allow you to be fully compliant, that's between you and the provider you choose, so you should probably get that commitment from them.
ICO Privacy Notice Generator
Some people might consider that since the ICO is the body for regulating all this, they might know a thing or two about how to meet their requirements. The good news is that an updated version of their Privacy Notice Generator is now live:
The generator works like a Wizard guiding you through the process. It asks a lot of questions, so be prepared to take a bit of time. How accurately you answer the questions will affect the accuracy of the final privacy notice. While it's methodical and easy to use, you may have to go hunting for information, or seek to understand what is meant, before you know how to answer some of the questions.
It's not for us to say whether the end result will make you compliant, that's between you, the ICO, and the answers you give. Many people will likely find this tool helpful.
Privacy Experts
Because many business owners understandably find all this a bit of a distraction. Preferring to focus on developing their business while still taking their compliance obligations seriously, some may prefer to simply engage the services of an expert in this area. There appear to be numerous firms offering GDPR consultancy, so it's definitely worth checking your network, and having a look around, and having a few conversations.
- People Search - https://www.linkedin.com/search/results/people/?keywords=gdpr%20consultants
- Companies Search - https://www.linkedin.com/search/results/companies/?keywords=gdpr%20consultants
- Google it - https://www.google.com/search?q=gdpr+consultant+small+business
GDPR goes into a lot more than simply the notices that get posted on your website, there are legal obligations that run into all areas of your business where you deal with people's personal information. For that reason some businesses would really benefit from talking to a consultant if they don't have the expertise in house.
Going Live
Once they've got their privacy notice written and approved by the business owners or their designates, that's when our clients send it to us, and we publish it on their site and make it accessible to their customers and website visitors.
There are always things businesses need to do to stay right with the law. This is just one of those things.
For Full GDPR Information
Although it's impossible to cover everything in this short article, we hope this introduction points you in the right direction. As a business owner you are legally responsible for the compliance of your company. Full details of GDPR obligations can be found on the ICO website.
TLDR
Although privacy notices are requirements for websites, the legal nature of their content, and their connection with the details of how the business they relate to operates, puts them outside of the expertise of our designers, coders and marketers. For this reason we point our clients to alternative providers for privacy notice advice. Once a client has their privacy notice ready we are pleased to add it to their website for them.
