What is a Privacy Policy?

A Privacy Policy is a legally binding notice of how a company deals with a contact's (customer, prospect, employee) personal information. Under the Data Protection Act, the rules on these were quite unspecific; under the General Data Protection Regulation (GDPR), however, the rules are much more stringent. The GDPR demands 3 things of Privacy Policies:

  • They must be concise, transparent, intelligible and easily accessible.
  • They must be written in clear and plain language, particularly if addressed to a child.
  • They must be free of charge.

What should a Privacy Policy contain?

Under the GDPR, a company's Privacy Policy should contain all information about the collecting, sharing and storage of the contact's personal information. You can visit the ICO for a full list of what should be in your Privacy Policy, but the key points are:

  • The purpose and legal basis of the processing of personal data.
  • Contact details for the Data Controller for any queries.
  • Whether there is any automated decision making and profiling and the reason for this.

How are other businesses operating under the GDPR?

GDPR and data preparation

We have partnered up with Data IQ to survey organisations on their preparations for GDPR.