GDPR, Privacy Policies and Plain English

As you probably know (unless you have been living in a bunker or are lucky enough to reside outside the EU!), the new data protection regulations come into force on Friday 25th May. The General Data Protection Regulation (“GDPR”) aims to give people more control over their data to ensure they know when it will be used, in what ways and where it will be held.

I am no expert on the subject and don’t even attempt to be (my head hurts every time I listen, watch or read anything about it), but it has been incredibly interesting to me from a language point of view, about how people are interpreting the regulations and how they are communicating about it with clients.

Therefore, I felt like I wanted to write a short blog about how impressed I have been by some companies who have adopted a plain English, informal and friendly approach to updating their policies and contacting clients, on a topic which is essentially very serious, very formal and for many a little bit dull!

Email Marketing – Opting In

I bet, like me, you have been a little bit inundated with emails asking you to opt in or resubscribe to email marketing or company newsletters. Basically, companies want you to confirm (I think so they have good evidence to hand) that you wish to continue receiving email communications and that it’s ok for them to use your personal data for this purpose.

If you send out newsletters, take advice, but I would recommend doing something like this too. From my small amount of knowledge, I understand that you can use personal email addresses for sending out marketing campaigns and newsletters under two ‘reasons’ – 1) consent and 2) legitimate business interest. The second seems harder for companies to prove, so it is easier to gain the first by asking people to confirm that they want to continue to receive your communications and keep a record of this, or immediately unsubscribe/delete those who either do not respond or ask to be removed.

I am not going to get any more technical than that from a GDPR guidance point of view, but as I mentioned, I am really liking how most businesses have adopted a fun and informal approach in their email communications. I have seen good examples of companies simply asking me to ‘stay in’ or ‘stay a part’ of their contact list. I feel encouraged to opt in again and consent to their using my emails as they are treating me like an individual. The methods of doing so have also been relatively straightforward, which I find quite heartening!

Privacy Policies

I have also read a few privacy policies, primarily whilst trying to create my own and again I have been impressed by the attempts of some to make something which is complex and detailed, easy to understand.

For example, ASOS, a fashion retailer, use this to introduce their privacy policy:

“Our promises
We’ll always keep your data safe and secure.
So you’re clued up, here’s why we need it and how we use it.”

It is friendly and accessible and much more engaging than ‘Privacy Policy – GDPR compliant’ or something similar.

Some of my ‘favourite’ policies have been the Q&A style. Age UK (formerly Age Concern) is one that has used a fantastic format, asking (and answering) questions, such as ‘How do we collect information from you?’ ‘How is your information used?’ and ‘Who has access to your information?’ Click on the hyperlink to see it.

Each question is answered using plain English, short paragraphs and bullet points, as well as directly addressing the reader.

Writing yours?

I have no expertise at all and just enough understanding (I hope!) to write my own. I do recommend the Information Commissioner’s Office (ICO) website – . This is the regulator’s website, I believe, and it has lots of official information. Also take an expert’s advice, if need be.

However, before you get really bogged down with writing yours, keep in mind who you are writing the policy for. It is for your clients to read and for you to follow (or keep to), so the most important thing is to be clear and unambiguous for them and for yourself. Think about all the data you hold, why you hold it, how you use it, and what you are going to do with it (potentially in the future, as well as now). Then get writing and make sure you cover all of those things. Your clients want to know their data is safe and protected by you and how you will do that, so don’t hide that behind jargon.

And bring on the 25th May, let’s hope our inboxes ‘calm down’ a little bit after that.


Image credit: Photo by Fernando Arcos from Pexels
