PruAdviser on-line services will be unavailable from 20:00 on Saturday 15 February until 13:00 on Sunday 16 February for website maintenance. We apologise for any inconvenience caused.

Data Policy and Notices

Author Image Nick Hunt Technical Manager, Specialist Business Support
1 minute read
Last updated on 23rd May 2018

Overview

You’ll need to review your policy around managing customer’s personal data and communicate how you handle privacy information by way of a Notice. Find out what to include.

How to use personal data

You may have lawful grounds for processing someone’s data but now you need to let them know how you use their personal data - the ICO refer to this as ‘privacy information’. This may be done with a Notice to the data subject, at the point of collecting the personal data.

The Notice can appear anywhere where a client can find it easily. Putting it on a website might be the best option, but remember to ensure it’s visible at the point you collect personal data. The notice should include:

  • The identity of the controller – that’s the person or people who decide what data is used and how it’s used  

  • The purpose and legal basis of  processing the data

  • The receiver of the personal data, such as banks, insurance companies, etc.

  • If any data is processed outside of the EEA, remember to consider any cloud based storage

  • How long it will be held for or criteria for the length of time

  • The data subject’s rights under the GDPR and how to make a complaint

  • If there’s a legal or commercial requirement to process the data.

By the way, if you change the basis of using personal data, it will still need to pass the ‘lawful purpose test’ and you’ll need to update your Notice.

Labelled Under:
Government Regulation GDPR

© Prudential 2020