INFORMATION COMMISSIONER - USEFUL LINKS
ARE YOU REGISTERED WITH THE ICO?
If you process personal data in your organisation, it is likely that you will need to register with the regulator and pay a fee. The ICO is now contacting all limited companies who haven't yet registered and asking them either to register or declare they are not data processors.
There are, however, some exemptions for small entities so, if you haven't checked already, you should take the ICO's self-assessment test.
ARE YOU MEETING THE TRANSPARENCY REQUIREMENT?
The ICO states that "individuals have the right to be informed about the collection and use of their data". Article 13 GDPR is specific about what you need to tell data subjects and the regulator has guidance here.
What this guidance can't tell individual data controllers is which of the various criteria apply to their circumstances. Which legal basis for processing, for example. What retention period applies. These are the uncertainties which make a 'DIY' privacy notice risky and why you may need our support.