Profile information Account settings
Sign up Log in

MAKE YOUR FREE Consultant privacy notice

  • Make your document in minutes
  • Access from any device
  • Securely sign online
Make document

How to make a Consultant privacy notice

Ensure that you comply with data protection legislation when you engage a consultant and process their personal data. 

This document is GDPR compliant.

Recently reviewed by Lauren Delin, Solicitor.

This consultant privacy notice was last reviewed on 9 March 2022.

Use this consultant privacy notice:

  • if you engage consultants for your business in England, Wales or Scotland

  • to communicate how you collect, store, retain and disclose consultants’ personal data

  • to ensure that your data processing is safe and compliant with data protection laws

This consultant privacy notice covers: 

  • details of the business that is engaging consultants  

  • the types of personal data that are collected

  • how the data is collected and stored

  • the reasons why the data is processed

  • who has access to the data

  • international transfers of personal data outside of the UK and the European Economic Area (EEA)

  • the measures taken to protect the data

  • how policies on data storage can be accessed

  • the consultants’ rights as a data subject

A consultant privacy notice is a document that explains how consultants’ personal data (eg their names, addresses or professional qualifications) is processed (eg collected and stored) by the business or individual engaging them (ie the ‘data controller’). It sets out the ‘what, how, where, why and when?’ of the data processing.

For more information, read Processing personal data.

Transparency is a key principle of UK General Data Protection Regulation (GDPR). This means that, to comply with data protection legislation (such as the Data Protection Act 2018), a data controller must be clear and honest with all data subjects regarding how their personal data will be used. Using a consultant privacy notice allows businesses to provide the information necessary to comply with this principle.

This template can be used to create your consultant privacy notice. Once created, the notice will be incorporated into your business as long as you ensure that it’s readily available for consultants to read. 

You should also ensure that consultants know who to direct any data protection questions or concerns to. The consultant privacy notice could also be included in any starter information provided to consultants.

UK GDPR and the DPA do not impose a defined time limit for processing or storing data. However, data should not be stored for longer than necessary. Usually, data should be deleted once the consultant’s engagement has ended. In some cases retaining data for a longer period of time may be justified (eg on the grounds of a legitimate interest). 

How long you retain data for should be set out in a document, for instance, a data retention policy or an Information security policy. You can Ask a lawyer for assistance in creating these policies.

Transferring personal data to recipients outside the UK is prohibited under data protection laws unless certain safeguards are put in place. The international transfer of personal data may be permitted:

  • if the ‘third country’ (ie the country that the recipient is in) has an adequate level of data protection, as determined by the Information Commissioner's Office (ICO). This includes countries within the EEA 

  • on the basis of standard data protection clauses approved by the UK

For more information, read International transfers of personal data.

Consultants have certain rights relating to personal data held about them, including:

  • the right to access and obtain a copy of their data and be informed about how their data is being processed

  • the right to have their data rectified if it's inaccurate or incomplete

  • the right to object to the processing

  • the right to have their data erased in certain circumstances

For more information, read Data protection and privacy.

If a consultant believes that a business hasn’t complied with a consultant privacy notice or has otherwise infringed their rights under data protection legislation, they are able to file a complaint with the ICO. However, businesses can encourage consultants to engage with them to attempt to resolve any issues before making a complaint.

Ask a lawyer for advice if:

  • issues arise when consultants’ data is used in a way that could infringe their privacy or which could relate to their activities outside of work

  • advice is required on the use of covert monitoring in the workplace

  • an existing consultant privacy notice needs to be changed

This consultant privacy notice is governed by the laws of England, Wales and Scotland.

Other names for Consultant privacy notice

Privacy notice, Consultants privacy notice, Fair processing notice, Fair processing notice for consultants.