
UK GDPR for Small Organisations – Principle 1: Be Transparent

  • Writer: Elizabeth Sydenham
  • 4 days ago

Updated: 2 days ago

When people think about UK GDPR compliance, they often jump straight to consent forms, data breaches or complicated policies.


In reality, one of the best places to start is with the first principle: lawfulness, fairness and transparency.


For most small businesses, the easiest way to demonstrate transparency is through a clear and accessible Privacy Notice.


What is a Privacy Notice?


A Privacy Notice tells people:


  • what personal information you collect,

  • why you collect it,

  • your lawful basis for processing it,

  • who you share it with,

  • how long you keep it,

  • what rights they have, and

  • how they can contact you.


Think of it as answering the question:

"If I give you my personal information, what exactly will happen to it?"

Common Mistakes I See


❌ Copying a Privacy Notice from another organisation.

❌ Writing it in legal jargon that nobody can understand.

❌ Creating a Privacy Notice and then never updating it.

❌ Having a Privacy Notice that doesn't reflect what the business actually does.


A Practical Exercise


Take ten minutes and make a list of all the ways your business collects personal information.


For example:


  • Website contact forms

  • Customer enquiries

  • Mailing lists

  • Employee records

  • CCTV systems

  • Supplier contacts

  • Social media messages


Then ask yourself:


"Does my Privacy Notice explain all of these activities?"


If the answer is no, you've found your first improvement.


Top Tip


A Privacy Notice isn't just a compliance document. It's a trust document.


Customers are increasingly aware of how their information is used. A clear, honest Privacy Notice shows that your business takes privacy seriously and has nothing to hide.


This Week's Action


Find your Privacy Notice and read it from the perspective of a customer.


Could someone understand:


  • what information you collect,

  • why you need it, and

  • what choices they have?


If not, that's a great place to start.


Not sure whether your Privacy Notice covers everything it should? Feel free to get in touch for an informal review: hello@threecountiesdata.co.uk


Next time, we'll look at Principle 2: Purpose Limitation – making sure you only collect personal information for clear and legitimate reasons.

 
 
 
