Privacy policies used to be some of the most unread documents around - until GDPR reminded the public why they matter. The General Data Protection Regulation (GDPR) exists to better protect personal data and digital privacy, so it makes sense that the regulation would affect most companies’ privacy policies.
What data you collect
It’s important to note that GDPR applies to personally identifiable information, and it’s imperative to explain how that type of information is collected, stored, used, and potentially shared.
Why your business/website is collecting the data
The name of your Data Controller
The Data Controller is more than likely your organization unless your group serves as a data processor for other organizations.
Contact information for the Data Controller
A list of the 8 rights they now have under GDPR
Those involved with GDPR compliance for your organization (or ideally most of your organization) should understand how to respect these 8 rights and how those rights affect information security and usage.
If you transfer data internationally
You'll also need the international laws relevant to the scope of your international dealings. This applies if that information transfer falls under another legal framework like the EU-US Privacy Shield. If you don’t have those, then provide a suitable safeguard you have in place to ensure a smooth and safe transfer of information.
Your organization’s legal basis for protecting data
GDPR requires a lawful basis in order to process someone’s personal data. Two of the most common ones are that a person gives consent for data processing for a particular purpose (see number 5) or that the processing is needed for a legitimate interest.
Any third party that will also have access to the data and links to their privacy regulations
EDITORIAL NOTE: This article is only meant to be an offering of general advice and assistance. It is not intended to be a substitute for professional legal advice. Always consult with your organization’s legal team before publishing privacy policies, terms and conditions, or other legal documentation.