Privacy Notices


Topics Covered

This section covers the following topics:

  • The purpose and audience of a privacy notice

  • The objectives of a privacy notice

  • The difference between a privacy policy and a privacy notice

  • Where a privacy notice should be published

  • An example privacy notice for a fictitious company called Acme Services

This “Privacy Notice Advisory Site” is provided as guidance and does not constitute legal advice. We hope this page is helpful to you as a reference. At the bottom of this page, you can contact us if you'd like assistance or have any questions.

Purpose and Audience of Privacy Notices

A website privacy notice is written to a diverse audience. In many business cases, the audience is often one of the following individuals:

  • Visitors to your website

  • Employees applying for a job online

  • Individuals submitting a data subject access request (DSAR)

  • Subscribers to your online service

Objectives of Privacy Notice

When writing your privacy notice, it should tell individuals the following:

  • how your organization collects personal information

  • why your organization collects personal information

  • the purpose for which your organization processes personal information

  • whether or not personal information is required to be submitted or is voluntary

  • with whom your organization shares personal information when it is collected

  • if information is transferred across jurisdictional borders to another country, and the protections ensured when this occurs

  • and whether or not your organization performs automated profiling or decision-making

Because of today’s electronic reach and instant access to services, regulations are necessary in order for law enforcement to prosecute wrongdoers. But wrongdoers are not only those that remotely hack and steal identity; wrongdoers are those to whom data has been entrusted yet fail to provide adequate levels of protection to that information. 

Businesses, being data controllers and processors, are obligated ethically and legally to protect data, and more than 100+ countries now have regulations that require various degrees of protection be given identity information regarding data subjects.It's important that we are responsible for the information entrusted to us. We should realize any data protection regulations that are expected from our organization. Regulations were designed to protect individuals and their identity. We should not only pursue compliance with these regulations, but we should want to pursue compliance in data protection regulations. This starts with knowing what laws apply, and what they require.

A Brief Recap Before You Leave

  • Data that describes an individual's identity does not belong to the organisation, but to the individual.
  • There can be real damage that occurs from identity theft.
  • Yes, organisations do handle data, and they are obligated ethically and legally to protect that data.
  • Regulations were designed to protect individuals and their identity, not make business difficult.
  • Over one-hundred countries have implemented data protection regulations.
  • Different regulations will apply for not only organisation's is location, but also according to the nationality of each individual whose data you manage.



    We know there was a lot of information mentioned above. If you would like assistance with what you've read and want to put it into practice, feel free to contact us and we can discuss further details.

    Person Waving.png