This is the third in a series of 12 posts with some advice from the ICO on how to start preparing for the advent of the GDPR in May 2018.
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice. Under the GDPR there are some additional things you will have to tell people. For example, you will need to explain your legal basis for processing the data, your data retention periods and that individuals have a right to complain to the ICO if they think there is a problem with the way you are handling their data. Note that the GDPR requires the information to be provided in concise, easy to understand and clear language.
The ICO is currently consulting on a new version of its Privacy notices code of practice. The new version, to be published later in 2016, will reflect the new requirements of the GDPR.
For more details go to the Information Commissioners Office here
Source: ICO – Preparing for the General Data Protection Regulation