This paper creates a 10 step guide to creating a multilayered privacy notice. It argues that creating a privacy notice should not be viewed as an intimidating process. Developing a multilayered notice is no more difficult than a full legally compliant notice.
If an organization has already created a full legally compliant notice, they can skip the first 5 steps below and move directly to creating a condensed notice in step 6. Good practice principles would suggest a legal review before publishing any notice.
Our 10 steps to creating a multilayered notice:
- Determine what your company does with personal data
- Determine whether your company’s treatment of personal data is legally compliant
- Develop and test an internal privacy policy that reflects how your company treats personal data
- Use that internal policy to create the organization’s complete external privacy policy
- Test and revise the full privacy notice
- Create the condensed notice
- Harmonize the full and condensed notices together
- Create the short notice
- Review and test the multilayered notices
- Publish your new multilayered notice
