PruAdviser on-line services will be unavailable from 18:00 on Saturday 14 December until 12:30 on Sunday 15 December for website maintenance.
You’ll soon see improvements to Retirement Account online services. Look out for more details coming soon.

Data Policy and Notices

Author Image Nick Hunt Technical Manager, Specialist Business Support
1 minute read
Last updated on 23rd May 2018

Overview

You’ll need to review your policy around managing customer’s personal data and communicate how you handle privacy information by way of a Notice. Find out what to include.

How to use personal data

You may have lawful grounds for processing someone’s data but now you need to let them know how you use their personal data - the ICO refer to this as ‘privacy information’. This may be done with a Notice to the data subject, at the point of collecting the personal data.

The Notice can appear anywhere where a client can find it easily. Putting it on a website might be the best option, but remember to ensure it’s visible at the point you collect personal data. The notice should include:

  • The identity of the controller – that’s the person or people who decide what data is used and how it’s used  

  • The purpose and legal basis of  processing the data

  • The receiver of the personal data, such as banks, insurance companies, etc.

  • If any data is processed outside of the EEA, remember to consider any cloud based storage

  • How long it will be held for or criteria for the length of time

  • The data subject’s rights under the GDPR and how to make a complaint

  • If there’s a legal or commercial requirement to process the data.

By the way, if you change the basis of using personal data, it will still need to pass the ‘lawful purpose test’ and you’ll need to update your Notice.

Labelled Under:
Government Regulation GDPR

© Prudential 2019