Why you should care about your website privacy notice

by Startacus Admin
Over the last few weeks Thomas Taylor a director at Legal Document provider Net Lawman has written some fab posts for Startacus. First up came why forming a company shouldn’t be a priority when starting a business and then last week Thomas returned with an equally burning dilemma - If your Co-founder Left, Who Would Own Your Business?
This week Thomas returns, to highlight why you should care about your website privacy notice. Over to Thomas to explain all...
Having a privacy policy is nothing new. For years, website owners have been telling their visitors how they use personal data.
There have been two reasons: first, to re-assure visitors that their data is safe, that you will not sell it or spam them with marketing messages; and second, because the Data Protection Act 1998 provides that they must comply with certain rules. Compliance is administered by the Information Commissioner’s Office (“ICO”).
After several small changes, the rules changed dramatically with the Data Protection Regulations 2013. To emphasise the changes, they even came up with a simple new name for the document: a “privacy notice”. (The new regulations are technically part of the Act.)
The ICO suggests placing the information you need to provide in a privacy notice, and making that page available from any page on your site. In that way, you comply with the need to make the information accessible whenever someone might need it. Most sites link to it in the footer.
The main changes are:
- Your privacy notice must contain a lot more information than before.
- Your obligations to comply are greater.
- There is a whole new obligation around cookies. You have to ask every visitor to your website whether he trusts you with your data – hence those little pop-ups about cookies everywhere.
Every one of us who runs a website is also a private individual. We like to be free to choose what specific things other people know about us – no matter how freely we use social media. The present Act appears to be powerful and it does protect us to some extent. However, where cookies are concerned, many website operators agree that the rules are “overkill”. But that is how it is. If your website uses cookies, it has to show one of the many variants of pop-up notice you now see everywhere, and it has to show a privacy notice to explain what it is all about.
There are exceptions. If you use social media accounts as a front for your business (such as a Facebook page), or your store is within another site, such as Etsy, Amazon or eBay, then it is the responsibility of the store provider or social media site to inform visitors.
The law aims to make sure that information is collected and used fairly and transparently. It should, provide an individual with information about the organisation; how the data will be used; and who the data will be shared with. It must take in to account the current use of the data as well as likely future uses.
The Information Commissioner’s Office (ICO) has created a “Code of Practice” (which is well worth reading) to guide businesses as to what they should tell their visitors and customers. Although you don’t have to follow the Code, you do have to comply with the law, and following the Code is the easiest way to do this.
The Code is based on eight principles. We can summarise them in six as:
- You take personal information only if you really need it for your transaction with your user and the extent that you need it.
- You must not keep the data longer than you need it.
- Personal data you record must be accurate and kept up to date. (There is no help with how you are to do that. We assume it applies only to date you do not take directly from the human owner).
- You cannot keep the data for longer than you need it for the purpose for which it was given.
- You must take technical steps to prevent unauthorised use of the data, loss of it or damage to it.
- You must not transfer the data to a country where the privacy requirements are substantially less protective than the UK.

The good news is that although there are criminal sanctions for breach, there is no organisation with the money and organisation to police this law. Any retribution for breach is likely to be through a civil court. However, that will not be very effective either because the aggrieved person would have to be able to prove that he had lost money in some way, by the breach.
So, a cynic might say that provided you comply as best you reasonably can, this law is unlikely to hit you hard. That means just two things:
- Get a really good privacy notice; and
- Show one of those cookie permission pop-ups.
Your privacy notice needs to be readable. That means both that your visitors must understand them (a good reason to use plain English rather than legalese) and that the font style and size should be large and clear.
It is tempting to copy the notice of a competitor, but you should be careful in doing so. His might not be a good example – it might not comply with the law, or his business might be slightly different to yours. It is better to find a template online that you can customise from scratch. Net Lawman, for example, provide one for free.
Having a good notice isn’t just about legal compliance. Your visitors will see that you care about their privacy and trust your site. And some of those visitors are not human, but search engines. Although Google has recently been in hot water with the ICO over non-compliance with the law, the search engine has indicated that it looks at whether your site clearly displays a privacy policy as a trust signal when deciding how highly to rank it in the search results.
It is probably something you would rather not deal with, but making sure you have a good privacy notice in place will benefit your new business.
About Thomas
Thomas Taylor a director of Net Lawman, an alternative for small and growing businesses to using a solicitor to obtain legal documents. He is a qualified accountant (FCCA, FPA/FIPA).
Subscribe to our newsletter
If you would like to receive our startup themed newsletter, full of the latest startup opportunities, events, news, stories, tips and advice, then sign up here.
Tech Nation calls for tangible support to secure capital, talent, growth and exits needed to accelerate the growth of UK tech in decade ahead.

Glasgow-based This is Milk seeks investment for Neve Learning, its cloud-based Ed-Tech platform that has inclusivity and accessibility at its core.

With the UK facing a clear digital skills gap, Amy Caton, Digital Talent and Impact Senior Manager at BT Group shares some insights on what businesses should do to close that divide.

The lowdown on Berlin-based Beazy and its innovative solution that helps teams to plan, produce and deliver creative content and helps businesses to connect with talented content creators.

The lowdown on Fluffy, the app offering dog training, 24/7 vet messaging and insurance to give pet owners peace of mind and support them with their pet care responsibilities.

Huckletree's new Web3 HQ aims to put London’s West End at the forefront of Britain’s tech superpower ambitions.

Leading sports marketing platform, OpenSponsorship announces move into music sector, the first new vertical industry for the trans-Atlantic martech business.

Kingussie High School scoops first place for Junior and Senior categories at this year’s Growing Future Assets Competition.

The lowdown on Manchester-based Arctic Shores and its innovative recruitment solution to help candidate potential count as much as skills and experience.

With the demand for tattoo removal now greater than ever, specialist NAAMA Studios makes a bid for a further £11m in funding.
Published on: 18th January 2016
If you would like to enable commenting via your Startacus account, please enable Disqus functionality in your Account Settings.







- Tech Nation report reveals UK Tech could quadruple in value by 2032 with right conditions 23rd Mar 2023 Tech Nation calls for tangible support to secure capital, talent, growth and exits needed to accelerate the growth of UK tech in decade ahead.
- Neurodiverse learning and training platform Neve shares major six-figure investment opportunity 22nd Mar 2023 Glasgow-based This is Milk seeks investment for Neve Learning, its cloud-based Ed-Tech platform that has inclusivity and accessibility at its core.
- Huckletree opens new London hub for tech companies pioneering Web3 solutions 16th Mar 2023 Huckletree's new Web3 HQ aims to put London’s West End at the forefront of Britain’s tech superpower ambitions.
- OpenSponsorship making its move into the music sector 16th Mar 2023 Leading sports marketing platform, OpenSponsorship announces move into music sector, the first new vertical industry for the trans-Atlantic martech business.