If you collect data in any way, e.g. through an feedback form, or you use cookies to collate statistics and management reports, you must have a Privacy Policy Statement.

This should contain:

• The identity of the ‘Data Controller’
• A provision setting out the personal data which the website owner will collect.
• A provision stating the purpose for which personal data collected will be used.
• A provision informing the data subject of where his personal data will be stored.
• A ‘Cookie Statement’ setting out clear and comprehensive information about the purpose of the storage of, or access to, cookies which the data controller places on the data subject’s computer; and the opportunity to refuse the storage of, or access to, such cookies.
• A disclosure provision setting out whether personal data will be accessed by or disclosed or sold to (including the situation when the business is sold), third parties, and for what purposes e.g. credit card clearance or sale of personal data to advertisers.
• A provision informing the data subject of his right to access his personal information.
• Contact details allowing the data subject to withdraw the data subject’s consent to such use of datasubject’s personal data.

You could face a £5,000 fine if you fail to comply. If you are a company director or a manager and the breach was committed with your consent or knowledge or because of your neglect, you’re guilty of the offence and personally liable.

< Prev		Next >