Do you have a privacy statement?
In order to comply with the Data Protection Acts, your website must contain a privacy statement if you:
- collect personal data (for instance, where visitors fill in web forms, feedback forms, submit orders etc.);
- otherwise collect personal data (for example, IP addresses, e-mail addresses).
A privacy statement should be placed in an obvious position and may not be just accessible from within another document on a website, such as terms and conditions of use or a disclaimer notice.
The privacy statement should set out how your business applies the data protection principles to data processed on your website and should be specific to your website. Statements to the effect that personal data will be processed in compliance with the Data Protection Acts are not sufficient on their own. They need to be accompanied by an explanation of how, in practical terms, the website complies with its obligations.