When the General Data Protection Regulation (GDPR) landed in 2018 the data protection landscape changed. Whilst legally it didn’t actually represent a massive jump from what was there before, the focus that was placed on data and the eye-watering fines meant that data protection quickly rose up the agenda in most boardrooms.
Fast forward to 2020 and whilst interest from the media has quelled, the threat of fines is still there. More importantly, individuals and businesses have been left understanding that they have a right to have their data protected. Expectations have been raised. Data protection is no longer something that people (or businesses) ignore.
The Right to be Informed: Mind the Gap
One of the key principles of GDPR is that individuals have a right to be informed about how their data is collected, processed, and used. The legislators, perhaps foreseeing the gap between lengthy legal documents drafted by lawyers trying to tick every box and users trying desperately to understand what was written, issued a warning.
Information must be provided in a way that is:
- Easily accessible; and (this is the big one!)
- Use clear and plain language
Now, this is music to the ears of all lawyers trained in legal design. It’s what we do! It’s what we have been saying should be the case not just for privacy notices, but for all legal documents. Shouldn’t that list of things be true for all legal documents?
The ICO goes even further and provides best practice as to how the information should be delivered. They suggest:
- A layered approach
- Mobile and smart device functionalities
A shift change?
But it’s just box-ticking
We get it, privacy notices are just another of those things on the to-do-list that need to be done. You know you must have one, but they don’t warrant much more than a standard-form contract template. Do they?
We believe that privacy notices provide organisations with an opportunity. They provide an opportunity both internally and externally. Most firms haven’t seized that opportunity, which makes it even bigger for those that do.
The internal opportunity
Firms need to know what the privacy notice contains. That sounds obvious, but let’s think about that for a moment.
The privacy notice is your company’s promise to its clients and other individuals that it engages with. It is the culmination of your data story. It documents what you do as a business. If you break your promise those individuals will, rightly, have a reason to complain. As we have already noted that not only damages your relationship with that individual, it also leaves you exposed to eye-watering fines and potentially even more eye-watering reputational harm. Even in a best-case scenario you are likely to have some negative social media arise.
The external opportunity
Legal Design is where design-thinking and legal compliance meet, marry and have children. The result is legal documentation that not only fulfils what is needed from a regulatory standpoint, but legal documentation that fulfils what your brand stands for. It speaks to your customers and potential clients in the same way and with the same force that your marketing does. It draws people in and confirms to them why they are doing business with you.
In the context of privacy notices, it goes further. Legal design produces something that users engage with and understand. There is no ambiguity or misunderstanding about what data is or how it is used. This in turn reduces the risks that someone will complain.
Now, we can’t promise you 16,000 views of your privacy notice, what we can promise though, is a privacy notice that you are proud to share. A privacy notice that becomes a living and breathing document in your organisation. One that sits at the heart of your promise about data. In the interest of transparency, we will issue a warning; once you experience legal design with one document, there will be no turning back.