We have launched a new, quick and easy-to-use tool to help small organisations and sole traders create a bespoke privacy notice and protect people’s information rights.
Under data protection law, every organisation that holds people’s information needs to explain why it holds it and what it does with it. This is so their customers, suppliers, staff and volunteers know what will happen to their personal information.
Organisations can provide this information through a privacy notice, which is displayed on its website or included in other communications, to ensure they’re compliant.
In just a few simple steps, the new privacy notice generator can create tailored privacy notices relevant to small organisations in a variety of sectors of the economy. There are sections of the tool specific to the finance, insurance and legal sectors; education and childcare; health and social care and charity and voluntary sectors. There are also sections designed for other small organisations in sectors such as retail and manufacturing.
Case study one
“I absolutely love the privacy notice generator. It's incredibly user-friendly and intuitive. With just a few details and a handful of questions, it created a privacy document for my website, where I showcase and sell my original artwork.
“The fact that this service is free is mind-blowing. It generated the privacy policy in no time, and I was able to seamlessly integrate it into my website.
“Legal jargon can be tricky to navigate, but it seems like this generator covers all the necessary elements.
“I would highly recommend the privacy notice generator to anyone in a similar position, whether they are building their own website or selling their own products online.”
Bob Iles, Artist and small business owner.
Case study two:
“The privacy notice generator is simple to use with clear instructions and has minimal technical jargon.
“We also found the "What Does This Mean?" tab very informative, as it provides greater clarity on what is being asked of you to populate the template correctly for your organisation. Once the template is generated, users can download it into Word format and make amendments where necessary, which is very useful if you already have a company policy in place.
“Overall, we will recommend this ICO feature to other small organisations in our community to promote best practice measures in data management communications.”
Noir Space BH Ltd, a small medium enterprise.
"We're always looking for ways to make data protection compliance simple and stress-free for smaller organisations and start-ups, who tend to have less time and fewer resources.
“Our new privacy notice generator is a quick and easy solution that provides smaller organisations with the support they need, so they can concentrate on what they're good at, serving the needs of their customers and growing their organisation.”
Faye Spencer, Head of Business Services
The tool offers two different types of privacy notice. One for customer and supplier information, which organisations can display on their website or external communications. And another for staff and volunteer information, for inclusion in welcome packs, policy libraries or other internal channels accessible to staff and volunteers.
Tina McKenzie, Policy Chair, Federation of Small Businesses (FSB) added:
“We’re very pleased to have supported the development of this tool, which will allow small businesses to generate tailored privacy notices in far less time and with far less hassle and cost than previously, or to check the robustness of their current notice.
“Data protection is a vital component of consumer rights, reassuring customers that their personal information won’t be mistreated, and is something small firms are keen to get right. By reducing small businesses’ cost of compliance, and the associated stress, the ICO’s tool should be a big help.”
We are also encouraging sole traders and small organisations that already have a privacy notice to use the generator to check it’s up to date.
You can find the privacy notice generator on the ICO’s website for small organisations here.
Notes for editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.