Following on from our GDPR compliance top-tips and our jargon buster here are ten practical tips to ensure your Privacy Notice is regulation ready.

Employers and businesses who retain personal data (Data Controllers) must provide their employees (Data Subjects) with information about their data processing activities. This means employers need to provide clear information on how they will be handling/collecting and using personal data. Existing Privacy Notices are unlikely to be sufficient to comply with the Regulations which lay out new detailed requirements that Privacy Notices must meet. Broadly speaking, some of those requirements can be summarised as follows (although specific advice requires to be taken):

1. Use clear and straightforward language and a simple style which employees will easily understand;

2. Avoid using confusing terminology or legal jargon which may confuse employees;

3. Clearly set out who the Data Controller(s) are for the purposes of data processing providing contact details (including of a Data Protection Officer if possible);

4. Clearly explain what information the employer will collect from employees, the legal basis for this and the purposes it will be used for, at the time of data collection;

5. Explain any "legitimate interests" the employer seeks to rely upon and give details of any transfers outside the EEA (with details of adequacy safeguards taken);

6. Specifically explain who, if anyone, the information will be shared with and why;

7. Identify any third party sources which will be used to collect personal data about employees, the uses, period it will be retained for, and notify the employees within one month of collection;

8. Notify employees of the period for which their personal data shall be stored or the criteria used to determine that period;

9. Meet different needs; this may mean having separate Privacy Notices for existing employees and for recruitment purposes; and

10. Highlight the specific individual rights that employees have under GDPR and their right to complain to the ICO.

If you need any support preparing privacy notices for GDPR coming into force on 25 May 2018, please get in touch with a member of the team.

Dentons is the world's first polycentric global law firm. A top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm is committed to challenging the status quo in delivering consistent and uncompromising quality and value in new and inventive ways. Driven to provide clients a competitive edge, and connected to the communities where its clients want to do business, Dentons knows that understanding local cultures is crucial to successfully completing a deal, resolving a dispute or solving a business challenge. Now the world's largest law firm, Dentons' global team builds agile, tailored solutions to meet the local, national and global needs of private and public clients of any size in more than 125 locations serving 50-plus countries. www.dentons.com.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.