Decide what to include by working out:
- what personal information you hold;
- what you do with it and what you are planning to do with it;
- what you actually need;
- whether you are collecting the information you need;
- whether you are creating new personal information; and
- whether there are multiple data controllers.
If you are relying on consent, you should:
- display it clearly and prominently;
- ask individuals to positively opt-in;
- give them sufficient information to make a choice;
- explain the different ways you will use their information, if you have more than one purpose;
- provide a clear and simple way for them to indicate they agree to different types of processing; and
- include a separate unticked opt-in box for direct marketing.
Also consider including:
- the links between different types of data you collect and the purposes that you use each type of data for;
- the consequences of not providing information;
- what you are doing to ensure the security of personal information;
- information about people’s right of access to their data; and
- what you will not do with their data.