Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

We’ve written this short guide with the needs of small- to medium-sized enterprises (SMEs) in mind, including small businesses and sole traders. It would also be helpful for small clubs and other groups.

Before you begin to write your privacy notice (sometimes known as a privacy policy), you’ll need to have several key pieces of information to hand:

  • your full contact details;
  • the types of personal data you collect;
  • where you got people’s data from, if it wasn’t from them;
  • why you have people’s information and what you’re doing with it;
  • your lawful basis and your legitimate interests where relevant;
  • who you share people’s information with; and
  • how long you hold people’s information for before getting rid of it securely.

You’ll need to be able to explain these points in writing in a way that’s easy for people to understand. You’ll also need to decide your lawful bases before you start using people’s data. Our handy lawful basis checker will help you.

Your privacy notice needs to include people’s information rights, including the right to withdraw consent, where that’s your lawful basis. Also tell people how they can complain if they’ve got concerns about the way you’re using their information.

We’re here to help. Use our handy privacy notice template to make your own privacy notice.

Top tip! There’s no need for your privacy notice to be long and complicated. In fact, it’s better if it’s short and simple, especially if you’re collecting and using children’s data.

You can choose your own wording but it’s important to be open and use simple language so that people – including children, if you’re using children’s data – know exactly where they stand.