News / Legal Brief
Dec 7,2022
Transparency is one of the key principles for the lawful processing of personal information worldwide. If you collect and use people’s personal information, you have most probably published a privacy notice that lets people know how you handle their personal information.
However, privacy notices are not once off documents that you draft and put away in the back alleys of your website. They are living documents and must be reviewed and updated regularly, considering the personal information you are currently collecting and how you use it, legal requirements and standard practice. As we start rounding off the year, if you have not updated your privacy notice this year, we suggest you do so and we provide you with some guidelines on how to go about updating your privacy notice.
Providing an up to date and easy to understand privacy notice is not only necessary to comply with legal requirements, but is also good business practice.
To meet transparency requirements, your privacy notice must be an accurate, up to date and true reflection of the personal information that you collect and what you do with it. Therefore, when reviewing your privacy notice, the first step is to check if you have made any changes to the types of personal information you collect and what you do with that personal information since the last time you updated your privacy notice. Then note and incorporate those changes into your privacy notice.
To ensure compliance with applicable laws, review your data protection and privacy legal framework and check for changes in laws, guidelines and decisions that may impact on the contents of your privacy notice.
The most widespread problem with privacy notices is the use of complex language and/or legal jargon (also known as “legalese“). It is not a secret that legalese is beyond the average reader’s understanding and can therefore frustrate anyone trying to read a privacy notice. Some privacy notices also just repeat the wording from data protection laws, which can result in a dry and cluttered privacy notice.
To make your privacy notice less complex and easier to understand, we suggest that you –
Long privacy notices can be an information overload for readers. They can also be confusing and overwhelming, and result in you losing your reader’s attention. We recommend that you reconsider the level of detail in your privacy notice and reduce unnecessary words and repetition.
We also suggest that you reconsider how your privacy notice is presented and –
We also suggest that you consider having separate privacy notices for different audiences – privacy notices that deal with multiple services, products and processing activities are notorious for being long and difficult to understand. In addition, consider having just in time notices by giving your customers or users short bite sized information on your processing activities when they need it, such as before they make a decision. You can do this by including text in appropriate places on your website, using pop-ups and having short explanations with links to more detailed documents.
Even after doing all of the above, your privacy notice may still not be fit for purpose. If you are unsure, test your privacy notice on a small group of your target audience, then update it to address their feedback before you finalise and publish it.
Last but not least, remember to diarise to review your privacy notice regularly, at least once a year.
Although not an easy task, getting your privacy notice clear, concise and up to date will not only help you comply with legal requirements and avoid incurring heavy fines, but it will also ensure that your readers are left with a sense of confidence in knowing how you will collect and use their personal information.
Read – The protection of privacy and personal information. How much personal information will be enough?
NEWS / Legal Brief
Blackouts, further tariff hikes point to ‘inevitable’ financial distress for SA businesses this yearNEWS / Legal Brief
An exercise in Restraint of trade agreements, what not to do!NEWS / Legal Brief
Crypto asset regulation gaining traction in South Africa