Data Policy and Notices

Nick Hunt, Technical Manager, Specialist Business Support
Last updated on 23rd May 2018

Overview

You’ll need to review your policy around managing customers’ personal data and communicate how you handle privacy information by way of a Notice. Find out what to include.

How to use personal data

You may have lawful grounds for processing someone’s data but now you need to let them know how you use their personal data - the ICO refer to this as ‘privacy information’. This may be done with a Notice to the data subject, at the point of collecting the personal data.

The Notice can appear anywhere a client can find it easily. Putting it on a website might be the best option, but remember to ensure it’s visible at the point you collect personal data. The Notice should include:

  • The identity of the controller – that’s the person or people who decide what data is used and how it’s used

  • The purpose and legal basis of processing the data

  • The receiver of the personal data, such as banks, insurance companies, etc.

  • Whether any data is processed outside of the EEA (remember to consider any cloud-based storage)

  • How long it will be held for, or the criteria for the length of time

  • The data subject’s rights under the GDPR and how to make a complaint

  • Whether there’s a legal or commercial requirement to process the data.

By the way, if you change the basis of using personal data, it will still need to pass the ‘lawful purpose test’ and you’ll need to update your Notice.


"Prudential" is a trading name of Prudential Distribution Limited. Prudential Distribution Limited is registered in Scotland. Registered Office at Craigforth, Stirling FK9 4UE. Registered number SC212640. Authorised and regulated by the Financial Conduct Authority. Prudential Distribution Limited is part of the same corporate group as the Prudential Assurance Company. The Prudential Assurance Company and Prudential Distribution Limited are direct/indirect subsidiaries of M&G plc, a company incorporated in the United Kingdom. These companies are not affiliated in any manner with Prudential Financial, Inc, a company whose principal place of business is in the United States of America or Prudential plc, an international group incorporated in the United Kingdom.