The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to those whose data is held by an organisation (data subjects). These are more detailed and specific than in the Data Protection Act (DPA) and place an emphasis on making privacy notices understandable and accessible. Data controllers are expected to take ‘appropriate measures’ to ensure that this is the case.
Hops & Scotch interprets this as using very clear language to outline each of the responsibilities for each of the data subject groups.
The GDPR say that the information provided to data subjects about how Hops & Scotch Ltd processes their personal data must be:
• concise, transparent, intelligible and easily accessible;
• written in clear and plain language and
• free of charge.
These requirements are about ensuring that privacy information is clear and understandable for data subjects. These requirements are about ensuring that privacy information is clear and understandable for data subjects. This privacy notice deals with the overall privacy responsibilities of Hops & Scotch but includes a particular notice that applies to companies wishing to deal with Hops and Scotch directly or as a 3rd party. The notice deals with two sources of data, that obtained directly from the subject and, data not obtained directly from the subject.