GDPR Website Privacy Policy or Privacy Notice?

This is a conversation that we’ve been having more than expected over the last 5 years, so it’s time for a blog…

Should your website have a Privacy Notice?

Should your website have a Privacy Policy?

What on earth is the difference?

Let’s find out…

Why do we need a Website Privacy Page / Notice / Policy?

The principle of transparency is central to GDPR and the UK Data Protection Act.

Organisations need to inform data subjects (people) how their personal data is being used.

The primary way this is achieved is through a privacy page on the organisation’s website.

So, it’s a legal obligation.

Legal obligations are normally worth doing.

So, Website Privacy Notice or Privacy Policy?

Some websites use the term Privacy Notice.

The ICO (UK data protection regulator) uses the term Privacy Notice. This is a good hint…

Some websites use the term Privacy Policy.

The content looks pretty much the same.

Why Care If It’s Privacy Notice or Privacy Policy?

Clearly there’s not a huge number of companies being fined for choosing one term or the other.

So the risk is likely to be small.

But some people like to get things right.

For that, we need to consider what a policy is, and what a notice is.

What is a Policy?

The Cambridge Dictionary says a Policy is:

“A set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people, a business organization, a government, or a political party”

A policy typically tells people, such as staff, what they must do.

What is a Notice?

Back to our guide, the Cambridge Dictionary says a Notice is:

“To see or become conscious of something or someone”

A notice typically tells people what is going on.

What should we do?

The standard caveat comes in: you are currently reading a webpage, which is not legal advice. Different companies are different, so you need bespoke advice for your company, and this webpage is not bespoke advice. Don’t blame this webpage if you get it wrong.

The key is whether you are telling people what they must do (making it a Privacy Policy) or telling people what you’re doing (making it a Privacy Notice).

But we will mention that if the ICO uses the term Privacy Notice, that might be a good term to use…

Contact us

Want to know more, or need a hand with GDPR, privacy, information security, compliance or risk management?

Give us a bell on 0800 292 2126 or just send us a message:
