It’s fair to say that running a business with a website used to be a simpler prospect than it is today.
These are the main sections you will need to include:
Within the policy, you should include your legal business name and contact details such as an address, telephone number, and email address.
Type of personal information collected
You should list the types of personal information that you collect, such as name, IP address, address, DOB, contact info, etc. The types of information you collect will usually depend on the type of business you are in.
You should clearly explain the processes and methods used to gather their information and also explain why you use it.
If you are storing any personal information, you need to provide details about how you store it and what security measures you use to ensure that their data is protected.
The policy should also explain their data protection rights, giving instructions on how they can opt out of collecting and sharing information. You should also share details of how they can unsubscribe from their mailing list.
List your complaints process, such as writing to your address or emailing a complaints email address. If you are a business that is regulated, you should also include details of the complaints process that the regulators have in place if the complainant is not satisfied with your response.
Many small businesses appoint a person to have the main responsibility for data protection management. You should make sure that this person receives the latest data protection training to ensure that they have the knowledge they need to keep your business compliant.
Find out more about Bob’s Business data protection courses.