Privacy notice
Also known as: privacy policy
A privacy notice (sometimes called a privacy policy) is a public-facing document that a data controller must provide to data subjects at the point of data collection. It must describe: the identity of the controller, the purposes and lawful basis for processing, how long data is retained, any third parties data is shared with, data subjects' rights, and whether data is transferred internationally. Under the DPA 2020, notices must be concise, transparent, and written in plain language.
DPA reference
Data Protection Act 2020
Related terms in Obligations
Anti-money laundering
Legal obligations requiring firms to detect and report financial crime.
Conflict of interest
A situation where a professional's duty to one client may be compromised by duties to another party.
Data breach notification
The legal requirement to report personal data breaches to the OIC within 72 hours.
Data minimisation
The principle that personal data collected should be limited to what is necessary for the stated purpose.