What to Include in a GDPR Privacy Policy · PrivacyTerms.io (2024)

Table of Contents
What is a Privacy Policy? What to Include in a GDPR compliant Privacy Policy Table of Contents Data Collection Personally Identifying Information Non Personally Identifying Information Cookies Your Data Protection Rights Data Processing Fee Contact details How to contact the data controller How to Contact data protection officer Conclusion Disclaimer Related posts: References

You know you need a Privacy Policy and you think you also need to be compliant with GDPR. So what are the requirements of a GDPR Privacy Policy?

The exact content of your websites Privacy Policy will be determined by the type of business you are running. However all Privacy Policies do require these things in order to be GDPR compliant: an outline of what personal data your company collects, why you collect that data, who the data may be shared with, where it is stored, and how it is kept protected. It must also ensure that users are made aware of all of their rights when it comes to their personal data.

What to Include in a GDPR Privacy Policy · PrivacyTerms.io (1)

On this page

What is a Privacy Policy?

A Privacy policy is a legal document. It is an agreement between you and your user hat outlines what data you collect from them, and how and why you collect their personal data. It also explains where and how the data is stored and what security measures you have in place to protect the data.

There are international privacy laws that your privacy policy should comply with. For further information read on international laws, read our article: International privacy laws

What to Include in a GDPR compliant Privacy Policy

To understand what is required in a GDPR compliant privacy policy you need to know what GDPR is. GDPR stands for the General Data Protection regulation which the EU put in place to protect the rights of its residents and citizens and their personal data. It is a law For an in depth look into the GDPR read our article GDPR Compliance and Checklist.

See Also
21 Best Privacy Policy Examples (+ Free Template) — Updated!How to Write a Privacy Policy in 10 Easy Steps [With Tips]9 Things to Include in a Privacy PolicyHow to Write an Effective Privacy Policy to Protect Your Business

Here is a list of the sections and clauses that your GDPR Privacy Policy need to include:

  • Table of Contents
  • Data Collection
  • Personally Identifying Information'
  • Non-Personally Identifying Information
  • Cookie Policy
  • Data Protection Rights (Under GDPR)
  • Data Protection Fee
  • Policy Changes
  • Contact Information
  • How to Contact Data Controller
  • How to Contact Data Protection Officer

Table of Contents

What to Include in a GDPR Privacy Policy · PrivacyTerms.io (2)

Data Collection

A clear explanation of what kind of data will be collected from the user is a must in order to be GDPR compliant. It is also required that you include how the data is collected, where the data is stored and processed and how long the data is retained. Another aspect of data collection to include is the security measures you have implemented to protect your users personal data.

Personally Identifying Information

Your Privacy Policy needs to explain what Personally Identifying Information (PII) is. Let your users know what types of PII your company/website collects (example: Full name, Street Address, birthdate). It is also required for you to explain:

  • how the information collected is used
  • whether the information may be disclosed to third parties
  • and if so who, how the user can opt in or opt out of personal information collection
  • how they can update, restrict or delete their personal information
  • how they can request erasure of their personal information.

Non Personally Identifying Information

Your company/website may also collect Non Personally Identifying Information like education status, geo location or IP address. A Privacy Policy needs to contain information about what type of Non-Personally Identifying Information you collect and how you may use this information also.

Cookies

Your Privacy Policy should have a section explaining Cookies. What is a cookie? and how does it enables certain functions on your website? What types of cookies does your website use and what are they used for? and how can your users opt out of them if they wish?

Your Data Protection Rights

In alignment with the GDPR, see our article on it here, you must outline the data protection rights of your users/customers.

The rights are as follows:

  • to be informed: Your users have the right to be know about how you collect and use their personal data. This is a major requirement under the GDPR to promote transparency. Users must be provided information of Privacy at the time their personal data is collected.
  • of access: Your users have the right to access their data at any time, they can request this either verbally or through writing to you. You have a one month time period in which you must respond to the request.
  • rectification: Users of your website have the right to have any inaccuracies in their personal data changed. This can be done through a verbal or written request and you have one calendar month in which to respond.
  • to be forgotten: Under the GDPR users have the right to have their personal data erased. This right can also be known as the right to erasure. Once again users can make this request either verbally or through writing and you have a month is which to respond to the request.
  • restrict processing: users have the right to request that you do not process their personal data. The can make this request either verbally or in writing and you need to respond within one calendar month. However the right to have personal data restricted only applies in certain circ*mstances.
  • object to processing: Your users have the right to object to their personal data being used for the purpose of direct marketing. They can also request that you stop processing their personal data and there are some circ*mstances in which this applies. These circ*mstances are if the processing is for :" a task carried out in the public interest; the exercise is of official authority vested in you; or your legitimate interests (or those of a third party)."
  • data portability: this right allows your users to have access to their personal data so they can use it for their own purposes. They can move this data from one IT environment to another safely and securely.
  • to object to automated processing: Your users are able to object to the processing of their personal data that is processed without human involvement by automated means.

Data Processing Fee

You must let your users/customers know if there may be a processing fee for any of their requests involving their data. In most cases a fee won't apply but you must inform them of the chance there may be one.

See Also
How To Write a Privacy Policy in 9 Easy Steps

Contact details

You must put the company contact details in your privacy policy statement in order for your users to be able to contact you easily.

How to contact the data controller

Under the GDPR you must have contact details for the data controller officer (if you have one) made available in your Privacy Policy.

How to Contact data protection officer

Contact detail for the data protection officer (if you have one) are to be made available in your privacy policy under the GDPR.

Conclusion

To ensure your Privacy Policy complies with the GDPR your users need to be informed about their rights in relation to the personal data you are collecting form them. The Privacy Policy must include information on what personal data you collect, how you use it, how you collect it, why you collect it, where it is stored and how it's kept secure.

Disclaimer

The information in this article is for informational purposes only and should not be construed as legal advice on any matter and does not create a lawyer-client relationship

Related posts:

  1. GDPR Compliance and your Privacy Policy
  2. The 7 Key Principles of GDPR
  3. What Does it Mean to be GDPR Compliant?
  4. Privacy Law: A quick look at the major online privacy laws (part 1)
What to Include in a GDPR Privacy Policy · PrivacyTerms.io (2024)

References

Top Articles
Danish Kringle Recipe
Single orca seen killing great white shark for first time ever
Spirit Burst Poe
417-990-0201
Search Results - Obituaries published on Winnipeg Free Press Passages
Search Results - Obituaries published on Brandon Sun Passages
3058 Littleton Ln, Roseville, CA 95747 | HotPads
521 4th St, West Sacramento, CA 95605 | HotPads
Greensboro: Skip The Games, Live The Experiences
The Ultimate Guide To Skipping The Games In Fayetteville
PNC übertrifft Gewinnschätzungen mit Auflösung von Kreditrückstellungen und sieht Gewinne im zweiten Quartal
PNC Bank CD Rates for July 2024
Latest Posts
Brötchen (German Bread Rolls) - Recipes From Europe
Typical anatomy of sharks
Article information

Author: Duane Harber

Last Updated:

Views: 6692

Rating: 4 / 5 (51 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Duane Harber

Birthday: 1999-10-17

Address: Apt. 404 9899 Magnolia Roads, Port Royceville, ID 78186

Phone: +186911129794335

Job: Human Hospitality Planner

Hobby: Listening to music, Orienteering, Knapping, Dance, Mountain biking, Fishing, Pottery

Introduction: My name is Duane Harber, I am a modern, clever, handsome, fair, agreeable, inexpensive, beautiful person who loves writing and wants to share my knowledge and understanding with you.