How do I draft a privacy statement for a website?
1. Use the correct language for your audience
It's essential that the individuals that you collect personal data from fully understand your website privacy statement - this is key to ensuring that you comply with the transparency principle under UK data protection laws and the data subject’s right to be informed.
It is therefore important that the privacy statement for website includes language that is clear and easily understood by your target audience. You should utilise ordinary, everyday language and steer clear of perplexing terms or legal jargon.
It can also be helpful to keep your privacy statement for website as concise as possible. This will need to be balanced with the legal requirements of what information must be included (see this checklist), but keeping the privacy statement as simple and short as possible will usually make it easier for the individual reading it to understand and digest.
2. Think about presentation style
To make a privacy statement for website as easy to understand as possible, the ICO recommends using different presentation techniques that can help to make the content more digestible to the intended audience. This could include:
A layered approach
A layered method for presenting privacy information usually involves two or more levels of detail. Initially, you would offer people a concise notice, including essential details like your organisation's name and an overview of how you handle their personal data. The privacy statement for website may then go on to include links that lead to a more extensive second layer of information, or it could include a single link for more comprehensive details. These deeper layers may, in turn, contain additional links to explain specific topics. This layered approach can make the privacy statement less overwhelming for the reader, as they are not presented with all the information at once.
A just-in-time notice appears at the point where an individual provides you with a particular piece of their personal data. The notice (e.g a pop-up) gives the individual a brief message explaining how you will use the information they are about to provide. Usually, the message will also contain a link to the privacy statement for website where more information is then set out. Just-in-time notices can be a useful tool in delivering key privacy information to individuals in a concise way.
The UK GDPR says that you can provide privacy information to individuals “in combination with standardised icons in order to give in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing.” Icons are not mandatory, but can be a useful tool in helping individuals to understand privacy information.
3. Test and review your privacy statement for website
Some organisations choose to test their privacy statement for website with a selection of website visitors, in order to find out how accessible and understandable the statement is. This can help organisations to know whether they are complying with the transparency principle under UK data protection laws. Inviting individuals to participate in this process can enhance the efficacy of your information delivery. By incorporating feedback from the intended audience, you are likely to develop a more effective and engaging approach.
Regardless of whether or not you carry out testing, you do need to regularly review your privacy notice for website to check it remains up-to-date and accurate. If the processing activities carried out by your organisation change, you must update your privacy statement to reflect those changes.
How can Docue help?
Docue’s privacy statement for website template has been drafted by privacy lawyers to help your business comply with data protection laws. Docue’s technology allows you to build a fully customised website privacy statement by just answering a series of questions - and there are lawyer-drafted guidance notes throughout to help you along the way.
Related legal templates
Docue is trusted by so many growth companies – from sole traders to listed companies.