Ensure that you comply with data protection legislation when you engage a consultant and process their personal data. This document is GDPR compliant. Recently reviewed by Lauren Delin,... ... Read more
Answer a few simple questions to make your document in minutes
Save progress and finish on any device; download & print anytime
Securely sign online and invite others to sign
How to Make a Consultant Privacy Notice
Ensure that you comply with data protection legislation when you engage a consultant and process their personal data.
This document is GDPR compliant.
Recently reviewed by Lauren Delin, Solicitor.
This consultant privacy notice was last reviewed on 9 March 2022.
Use this consultant privacy notice:
if you engage consultants for your business in England, Wales or Scotland
to communicate how you collect, store, retain and disclose consultants’ personal data
to ensure that your data processing is safe and compliant with data protection laws
This consultant privacy notice covers:
details of the business that is engaging consultants
the types of personal data that are collected
how the data is collected and stored
the reasons why the data is processed
who has access to the data
international transfers of personal data outside of the UK and the European Economic Area (EEA)
the measures taken to protect the data
how policies on data storage can be accessed
the consultants’ rights as a data subject
A consultant privacy notice is a document which explains how consultants’ personal data (eg their names, addresses or professional qualifications) is processed (eg collected and stored) by the business or individual engaging them (ie the ‘data controller’). It sets out the ‘what, how, where, why and when?’ of the data processing.
For more information, read Processing personal data.
Transparency is a key principle of UK General Data Protection Regulation (GDPR). This means that, to comply with data protection legislation (such as the Data Protection Act 2018), a data controller must be clear and honest with all data subjects regarding how their personal data will be used. Using a consultant privacy notice allows businesses to provide the information necessary to comply with this principle.
This template can be used to create your consultant privacy notice. Once created, the notice will be incorporated into your business as long as you ensure that it’s readily available for consultants to read.
You should also ensure that consultants know who to direct any data protection questions or concerns to. The consultant privacy notice could also be included in any starter information provided to consultants.
UK GDPR and the DPA do not impose a defined time limit for processing or storing data. However, data should not be stored for longer than necessary. Usually, data should be deleted once the consultant’s engagement has ended. In some cases retaining data for a longer period of time may be justified, for instance on the grounds of a legitimate interest.
How long you retain data for should be set out in a document, for instance a data retention policy or an Information security policy. You can Ask a lawyer for assistance in creating these policies.
Transferring personal data to recipients outside the UK is prohibited under data protection laws unless certain safeguards are put in place. The international transfer of personal data may be permitted:
if the ‘third country’ (ie the country that the recipient is in) has an adequate level of data protection, as determined by the Information Commissioner's Office (ICO). This includes countries within the EEA
on the basis of standard data protection clauses approved by the UK
For more information, read International transfers of personal data.
Consultants have certain rights relating to personal data held about them, including:
the right to access and obtain a copy of their data and be informed about how their data is being processed
the right to have their data rectified if it's inaccurate or incomplete
the right to object to the processing
the right to have their data erased in certain circumstances
For more information, read Data protection and privacy.
If a consultant believes that a business hasn’t complied with a consultant privacy notice or has otherwise infringed their rights under data protection legislation, they are able to file a complaint with the ICO. However, businesses can encourage consultants to engage with them to attempt to resolve any issues before making a complaint.
Ask a lawyer for advice if:
issues arise when consultants’ data is used in a way that could infringe their privacy or which could relate to their activities outside of work
advice is required on the use of covert monitoring in the workplace
an existing consultant privacy notice needs to be changed
This consultant privacy notice is governed by the laws of England, Wales and Scotland.
WHY ROCKET LAWYER?