sdecoret - stock.adobe.com

ICO launches privacy notice tool for SMEs

ICO tool designed to make it easier for small businesses and sole traders operating online to create bespoke data privacy notices for compliance purposes

The UK’s Information Commissioner’s Office (ICO) has launched a tool pitched at small businesses and sole traders that is designed to help them create bespoke privacy notices without fuss.

UK data protection laws say every organisation that holds people’s information must explain why it does so, and what it does with it, for customers, suppliers, staff or volunteers to understand what’s happening to their data.

This is generally done via a privacy notice to be displayed on a company’s website, but for smaller businesses with less expertise in the field, creating them can be something of a headache. The ICO hopes the service will go some way to addressing that.

“We’re always looking for ways to make data protection compliance simple and stress-free for smaller organisations and startups, who tend to have less time and fewer resources,” said ICO head of business services Faye Spencer.

“Our new privacy notice generator is a quick and easy solution that provides smaller organisations with the support they need, so they can concentrate on what they’re good at, serving the needs of their customers and growing their organisation.” 

The ICO said the tool was simple to use, and can quickly create tailored notices relevant to small organisations in a variety of sectors, with options specific to those operating in the education and childcare sectors, the finance, insurance and legal industry, health and social care providers, businesses in manufacturing and retail, and the third sector.

It offers two different types of notice: one for customers and suppliers, to be displayed publicly online; and another for staff and volunteers, to be distributed in welcome packs, policy libraries or other internal channels.

Read more about the ICO’s work

  • The Information Commissioner’s Office has reprimanded Chelmer Valley High School in Chelmsford for introducing facial recognition and failing to conduct a legally required data protection impact assessment and obtain the explicit consent of students.
  • Long-awaited guidance from the UK data regulator on police cloud deployments highlights some potential data transfer mechanisms it thinks can clear up ongoing legal issues, but tells forces it’s up to them to decide if the measures would work.
  • The Information Commissioner’s Office is urging organisations to be transparent and learn from each other’s mistakes as it reveals most of the cyber attacks it responds to stem from the same core errors.

Somerset-based artist Bob Iles, who sells his work online and has been testing the new service, said: “I absolutely love the privacy notice generator. It’s incredibly user-friendly and intuitive. With just a few details and a handful of questions, it created a privacy document for my website, where I showcase and sell my original artwork. 

“The fact that this service is free is mind-blowing,” he said. “It generated the privacy policy in no time, and I was able to seamlessly integrate it into my website. Legal jargon can be tricky to navigate, but it seems like this generator covers all the necessary elements. I would highly recommend the privacy notice generator to anyone in a similar position, whether they are building their own website or selling their own products online.”

Tina McKenzie, policy chair at the Federation of Small Businesses, added: “We’re very pleased to have supported the development of this tool, which will allow small businesses to generate tailored privacy notices in far less time, and with far less hassle and cost than previously, or to check the robustness of their current notice.

“Data protection is a vital component of consumer rights, reassuring customers that their personal information won’t be mistreated, and is something small firms are keen to get right,” she said. “By reducing small businesses’ cost of compliance, and the associated stress, the ICO’s tool should be a big help.”

Read more on Privacy and data protection

CIO
Security
Networking
Data Center
Data Management
Close