If you gather or handle any personal data in any way, you need to make sure you follow the GDPR for protecting that data. You have a responsibility to do the following, among other things:
- Only collect the data you need and intend to use
- Protect the data you hold to prevent unauthorised access
- Only keep the data you collect for as long as is reasonably necessary
- Ensure the data subject (who the data is about) knows and has agreed to your collection and use of their data.
The GDPR and the Data Protection Act set out how you should do this. If you don’t follow these regulations, you may be liable in a data breach claim, and could end up having to pay out compensation.
Keep reading to find out how we can help you make sure you’re complying with the GDPR and the Data Protection Act.
Privacy notices are there to tell a data subject how their data will be handled and used. So, your notice should describe everything listed above, such as what data will be collected and how it will be used. But your privacy notice should also include:
- Reasons for collecting data and information
- How data is stored and secured
- How long the data will be stored
- If, why, and how data may be shared with any third parties
- The data subject's rights, such as access and erasure, and how to exercise those rights
- How to contact you about your privacy notice and use of data
For help writing your privacy notice, or checking that your current notice is compliant, give us a call on 01925 351 350.
Drafting Terms & Conditions
Often, you will want to set out how a relationship will work. That can be done with your terms and conditions, which can be thought of as ‘ground rules’ for a business relationship. They might include:
- Details of prices, products, and services
- Cancellation or termination policies
- Payment terms
- Details of warranties or liabilities
- Any other conditions you wish to impose
If you need help drafting your own terms and conditions, or would like us to review what you have already, please get in touch.