Under GDPR, every website probably needs a GDPR Privacy Notice or Policy.
But what do you need to include to comply with UK and European data protection laws, such as GDPR and DPA?
We’ve listed the top things you’ll find in GDPR below.
To read the actual legislation, which is sometimes a bit hard going, have a look here.
- The identity and the contact details of the controller
- The local representative where applicable
- The contact details of the data protection officer where applicable
- The intended purposes of the processing
- The legal basis for the processing
- The legitimate interests pursued by the controller or by a third party where applicable
- The recipients or categories of recipients
- Any intended restricted international B2B transfers of data (e.g. to US) and the safeguards (e.g. SCC or IDTA)
- The period data will be stored or the criteria used to determine that period
- The data subjects’ rights
- Whether data is needed for legal or contractual reasons, and the consequences of not providing that data
But, with all that said, the most important question is this: if you take an objective view, or have third parties read the privacy notice, can they clearly see how you are processing personal data for different reasons? Can you answer “why is what data being processed by who”?
Want to know more, or need a hand with GDPR, privacy, information security, compliance or risk management?
Give us a bell on 0800 292 2126 or just send us a message: