Data protection law requires that data controllers provide certain information to people whose personal data they process. A privacy notice is one way of providing this information.
A privacy notice should identify who the data controller is and provide details of its Data Protection Officer. It should also give details the purposes for which the personal data is being collected, how that data is used, who else it is shared with and how long it is kept.
Detailed information about when a privacy notice is needed, how it should be provided and what information must be included can be found in the Privacy Notice Procedure. You will also need to refer to the guidance document on Reviewing and Updating a Privacy Notice.
Research Privacy Notices
Research privacy notices may require the inclusion of additional information as specified by data provider, for example in relation to DARS applications. We have drafted a Privacy Notice Template for Research Studies to give you an idea of what sort of additional information you might need to include in your notice.