The ICO has published guidance on information that needs to be provided to individuals about how their data is being used. The guidance is written in the ICO's familiar clear style.
As 97% of firms don't have a GDPR plan, this may help take one of the steps that need to be taken to achieve compliance in 2018.
Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice. In many situations where organisations obtain personal data as part of a simple transaction it should be straightforward to use the key recommendations in this code of practice to develop a clear and effective privacy notice.