A Privacy Notice vs a Privacy Policy
- Melindi Dean
- Feb 24
Many websites refer to their privacy documentation incorrectly. The terms "privacy policy" and "privacy notice" are sometimes used interchangeably, but they have distinct meanings, especially when it comes to compliance with Article 13 of the GDPR.
Privacy Policy: A privacy policy is an internal document that outlines an organisation’s protocols and procedures for handling personal data. This document is primarily for internal use, providing guidelines for employees on how to manage and protect data within the organisation.
Privacy Notice: On the other hand, a privacy notice is a public-facing document intended to inform customers, suppliers, and employees about the organisation’s data processing activities.
Key Points to Include in a Privacy Notice:
Data Collection: What personal data is being collected.
Purpose: The reasons for collecting and processing the data.
Legal Basis: The legal grounds for data processing.
Data Sharing: Whether the data will be shared with third parties.
Individual Rights: The rights individuals have regarding their data.
Contact Information: How individuals can contact the organisation with questions or concerns.
Conclusion: Understanding the distinction between a privacy policy and a privacy notice is crucial for GDPR compliance. By labelling the document correctly and providing a comprehensive privacy notice, organisations can ensure transparency and build trust with their customers, suppliers, and employees.

The public-facing document should be referred to as a privacy notice, as you are giving notification to your customers, suppliers or employees that you are processing their information.
Written by: Melindi Dean - Privacy Specialist CIPP/E