Frequently Asked Questions

Yes, most likely you do!

If you collect and process the personal information of individuals during the course of your business, then you will need to create a Privacy Notice and make it easy to find.

The most obvious way of making sure you make your Privacy Notice 'accessible' to everyone is to publish it on your website.

The most common way to do this is to create a link to a PDF at the bottom of the home page, people will expect to see it there.

But don't be afraid of going a few steps further, for instance you could:

• embed a link to your privacy notice in your email signature

• attach a copy of your privacy notice to any documentation provided to new customers

• embed a link to the privacy notice within your text message or app communications to new customers

When you are writing your privacy notice make sure it is personal to the processes within your own particular organisation.

Easier said than done, but don't be tempted to copy and paste a privacy notice from a completely unconnected business and hope for the best.

You need to know and understand what personal data you collect, where you collect it from, why you collect it, your lawful bases for collecting it and who you share it with.

The Information Commissioner's Office has created a helpful privacy notice template on their website, which is worth a look: https://ico.org.uk/for-organisations/advice-for-small-organisations/create-your-own-privacy-notice/ 

The template is a useful content creator, but you might need to take advice on the lawful bases section and the retention schedule section.

In conclusion, be creative with your privacy notice, be transparent and link the privacy notice to what really happens in your business, and don't be frightened to give it some character.

Feel free to contact me if you would like some support and guidance with your privacy notice.

A Subject Access Request (SAR) is a formal way for individuals to ask an organisation for a copy of all the personal data that you hold and process about them.  Under the UK's Data Protection Act, your customers have the right to know what personal information you are processing about them and how it’s being used. 

At CSH Consulting, we understand that navigating the process of responding to these requests can be daunting and occasionally extremely sensitive.

We will guide you through the data maze, ensuring you have complete clarity on what you should release, when to release it, and what exemptions might apply.

We offer outsourced Data Protection Officer support, handle subject access requests, manage personal data breaches, conduct GDPR audits, and provide compliance reviews. Our flexible approach ensures tailored assistance to meet your specific needs.

Our team conducts thorough audits and reviews to identify compliance gaps. 

We then recommend practical steps to align your processes with GDPR requirements, helping you reduce risk and maintain data protection standards.

Yes, we provide expert guidance on managing personal data breaches, including assessment, reporting, and mitigation strategies. 

Our support helps you respond promptly and effectively to minimise impact.

Yes, we offer flexible and affordable solutions designed to suit organisations of all sizes and sectors. 

Our cost-effective support ensures you receive expert data protection advice without unnecessary expense, and only for the areas you need it.

Contact us to discuss your data protection requirements or to arrange a free initial consultation where we can discuss the level of support you may need.