5 steps to implementing a bespoke, layered privacy policy (and why you need one now)

You need to display a bespoke, layered privacy policy when you collect data.

Most businesses nowadays do show a privacy policy on their website.

However, there are a number of important things to consider when you write and display your privacy policy, and most organisations do not get it right.

Follow these 5 steps to help ensure your privacy policy is GDPR compliant.

Step 1

Ensure you display a privacy policy wherever you collect data, whether that be on your website or somewhere else.


Step 2

The policy must be bespoke to your business. There is no benefit in finding a business in the same field or sector as you and copying their privacy policy. Your policy must be bespoke to your business, and list all the ways you will use the data specific to YOU and your business or organisation. This ensures that you cover everything necessary in terms of data uses, and also gain the appropriate consent for those uses.

Step 3

The policy must be presented in a way that makes it easy to understand. One way which works well is to use a layered approach. The idea behind a layered policy is that people can quickly and easily read a simplified version of your policy, and find a digestible version of how their data will be used. The ‘layered’ element allows them to click through to find out more if they desire, with each layer displaying more information.

Having an essay at the point of data capture will not suffice, as people do not want to have to read War and Peace to find out how their data will be used. Similarly, just having a few sentences is not adequate, as this does not fully explain all the ways the data will be used. Having a layered policy allows you to both provide detail, and quickly explain how people’s data will be used by your organisation, in order to gain the appropriate and specific consent.

Step 4

Have an opt-in consent option. That way you can prove that people saw your policy. The most common way for this to be done is through a tick box which indicates consent.

Step 5

Finally, make sure that your privacy policy is kept up to date, and is amended in line with any new collection or processing activities. Data mapping is a useful tool to help you understand the collection and processing activities within your organisation.

The importance of your Privacy Policy

Your privacy policy is incredibly important. It is your responsibility as an organisation collecting data, that it be shown wherever the data is collected, and makes it clear to the user all the ways their data will be used.

It is your contract with the user to collect and use their data in a specified way, and for that purpose only.

The Data Guardsman software contains a simple policy builder, that creates policy documents in minutes, that are bespoke to your business. For more information on this, click here.

By Telephone

Leave a comment

Please note, comments must be approved before they are published