06 Apr
GDPR compliant Privacy Policies
There is a right to be informed with transparent information. In fact, to quote Article 12, you should be informed “in a concise, transparent, intelligible and easily accessible form, using clear and plain language”. So out with the legalese – and I think there are few of us that will mourn that.
Article 13 goes on to be quite specific about the information that should be provided. The principles of fairness and transparency boil down to:
- What data are you collecting?
- How is it collected?
- Who is collecting it? (Be clear about this.)
- Will data be shared with any other organisation? Who?
- Why are you collecting the data?
- How will you use it?
GDPR has a few different lawful reasons why you can hold personal data. You should explain why you are holding the data, in the context of the lawful basis for holding it. The lawful reason for holding it may broadly be consent, a contract, a legal obligation, vital interests, public task and legitimate interest. Connected to this will be the retention policy and how long information will be kept.
It is a natural extension of being transparent about who you are to explain how data subjects can contact you for further information, subject access requests, etc.