Control measure: Fair processing information is comprehensive and actively communicated to people at the point that data is collected.
Risk: Without fair processing information, people may not be fully informed how and why their personal information is processed. This may breach UK GDPR articles 13 and 14.
Ways to meet our expectations:
- Publish privacy information that includes all the information required by data protection law.
- Provide privacy information at the point that you collect personal information.
- Produce privacy information in a variety of formats (eg posters and leaflets), in addition to online privacy notices.
Options to consider:
- Provide focused or bite-sized privacy information relevant to each data collection activity.
Control measure: Fair processing information is in understandable and accessible languages and formats.
Risk: Without fair processing information, people may not understand how their personal information is processed. This may breach UK GDPR article 12.
Ways to meet our expectations:
-
Present privacy information clearly and prominently on your website or in another appropriate format at the point that you collect it.
-
Provide privacy information in a layered format (eg summaries at the top with further detailed information below).
-
Provide privacy information in different languages or styles to ensure people can understand it, including separate age-appropriate notices, where relevant.
-
Have the ability to provide privacy information in more accessible formats (eg in braille or large font).
-
Use clear, plain, non-technical language when explaining processing.
Options to consider: