The European Union’s General Data Protection Regulation (GDPR) took effect in May 2018. The European Union’s main goal in introducing this law is to give people more control over their personal data. Companies should think carefully about their data protection and privacy practices to comply with the rules of the GDPR.
In the GDPR, Article 12 is the primary source of guidance on privacy policies. Among other things, it tells us that information about data processing must meet the following requirements:
- Clear and readable language
- Free of cost
- Written: In written form, in simple language, and presented in an accessible form so that your clients can easily read it.
- Comprehensive: Your privacy policy should be comprehensive yet concise, so that it covers all of your personal data processing activities.
In most cases, privacy laws require you to inform your users of the following:
- Your business or organization’s name, location, and contact information (email address, phone number etc.)
- What information you are collecting (including names, email addresses, IP addresses, and any other information)
- What procedures you are using to collect their information, such as;
- The reason for collecting this information
- How you will keep their information secure
- Whether this information will be shared, how they can opt out, and the results of doing so
- Any third-party services you are using to collect, process, or store this information (such as an email newsletter service or advertising network)
Although the GDPR is complex, there are some elements you should include:
• Who is collecting data: Under Article 13, you need to provide the controller’s identity and contact details and, where applicable, those of the controller’s representative. This refers to your company and the specific person responsible for replying to any inquiries.
• Why are you permitted to collect the data: Article 13 provides for six different legal bases upon which you can collect data. Two common ones are “consent” and “legitimate interests”.
• What are the reasons for collecting the data: Your organization needs to give reasons for collecting the data. The most common reason is sales and marketing.
• What type of data: You must inform users about the data you are collecting, whether it is tracking information, email addresses, or sensitive data.
• Data subjects’ rights: The GDPR requires you to inform users about their rights, i.e. the right of access, the right to rectification, the right to deletion, the right to limit processing, the right to data portability and the right to object.
• How will you tell your users or data subjects when privacy policies change? Notifying users about policy changes is convenient and is one of the simplest requirements to meet. You can inform them through a website notification.