Are Privacy Notices Just About the GDPR?

A judge's hammer and gavel.
Photo by Tingey Injury Law Firm.

Every company has been focused on ensuring their privacy notices are compliant for GDPR, however there could be a blind spot. The GDPR may be the strongest privacy regulation in the world, but it isn’t the only one. For example, when your website uses cookies, your organisation must ensure that the Privacy and Electronic Communications Regulations (PECR) is also followed.

The PECR sits alongside the Data Protection Act 2018 and the GDPR. Between the PECR and GDPR there is some overlap, given that both aim to protect people’s privacy. The PECR and GDPR sit side by side. You must make sure you comply with both.

For global businesses there may be a number of other local regulations you need to consider. If you have customers in California or New York, then you will need to consider California’s Consumer Privacy Act (CCPA) – effective 1st January 2020 and New York (SHIELD Act) effective 21st March 2020.

When drafting Privacy Notices for your business, assess your target audiences and ensure you’ve ticked all the boxes across the multiple data privacy regulations.


About Us: Tacita are GDPR compliance experts. Tacita help clients achieve and maintain GDPR compliance. Get in touch to explore our range of GDPR services including the Tacita GDPR Audit, GDPR Consultant Service and the GDPR Toolkit.

Share this article: