• how to create privacy policy for website

    A privacy policy is a legal statement manifests the purpose of collection and use of personal data by an organisation. The purpose of the privacy policy is to ensure transparency by disclosing certain information and obtain the informed consent of the users whose data is being collected.

    The Importance of a privacy policy

    The right to privacy and data protection is the hallmark of a democratic society. Ever since GDPR has launched, organisations are becoming more aware of the rights of individuals. Businesses, collect and use personal data need to be clear about their motives.

    The privacy policy is essential than ever before. Organisations are now required to ensure that their data collection practices are compliant with the GDPR. An organisation with no privacy policy is non-compliant with Article 13 and 14 of the GDPR; hence, it could face legal action.

    Why do you need a privacy policy?

    Nowadays, organisations collect a whole range of personal information, both personal and non-personal. The data items, for example, names, addresses, email addresses contact information etc. satisfy the definition of personal data and hence fall under the scope of GDPR.

    If you are operating your business within the EU and have clients, users or members in the EU, you must comply with provisions of the GDPR to avoid violations of the law.

    The GDPR requires companies to be transparent. They must ensure what they do with this data, how the data is gathered and make sure that it is processed in a fair and transparent manner. It is imperative to publish a privacy policy so that visitors and users of the website can make an informed decision while providing their personal data.

    What is the GDPR compliant website privacy policy?

    The GDPR has created a whole range of privacy rights and protections for individuals and consequently the organisations are obliged to become compliant or face legal action.  A GDPR compliant privacy policy fulfils all the requirements of Article 13 and 14. These requirements are presented in detail in the coming sections of this post.

    What, When and How of a privacy policy

    What

    You need to assess your data processing operations and decide on the following crucial factors forming the heart of privacy policy as laid out in Article 13 and 14 of the GDPR.

    1. The identity and contact details of your organisation
    2. The identity and contact details of your Data Protection Officer, if you have one
    3. The categories of personal data involved
    4. The purpose of processing each category of personal data
    5. The legal bases for each stated legal purpose
    6. If you rely on “legitimate interest” as the lawful basis of processing, clearly state those legitimate interests.
    7. The fact that you share or intend to share personal data with other entities, or affiliate organisations in your group
    8. The likely retention period of the data
    9. The existence of the rights of data subjects and how they can exercise their rights
    10. If you rely on “consent” as the legal basis of processing, the existence of the right to withdraw consent at any time
    11. Whether you use personal data for profiling and automated decision making. Provide detailed reasons behind such processes, and their importance and consequences.
    12. The clarity in the personal data of the children, how the consent will be taken.
    13. Explicitly state about the use of third-party website links.
    14. The Details confirmation regarding cookies, in case used on your website. How it works and what information is extracted.
    15. Clear advise to the data subjects about “right to complain” to the Data Protection Authority.

    When

    Article 13(1) and (2) of the GDPR says that the data controllers must publish the necessary information at the time the data is being collected. In case of a website, the visitors must be able to easily access and comprehend the privacy policy before you ask them to provide any personal information.

    You need to regularly update your privacy policy if any change happens in the scope and extent of your data processing activity, for example:

    • Categories of personal data are expanded to include more data items and/or include the gathering of special categories of personal data.
    • If you find out that the information is being used for unanticipated, unintended purpose
    • You intend to share data with third-party (any) that users
    • You intend to transfer personal data outside the EU
    • You employ a third party data processor

    How

    Organisations should understand the importance of having a privacy policy.

    • Transparent
    • Easy to understand
    • Concise and of clear language
    • Easily accessible
    • Free of charge
    • Adopting a clear strategy for communication between parties
    • Avoiding the use of false or misleading information

    What to do now?

    • Organisations should understand the importance of having a privacy policy. If you do not have a privacy policy, we strongly advise you to put one in place. Evaluate your data processing operations and draw up a GDPR compliant privacy policy.
    • If you have a privacy policy, review and update it accordingly. With the requirements of Article 12, 13 and 14 of the GDPR. Refer to “What, When and How” section of this post for detailed guidance.

    Seers also provide expert advice, GDPR consultation and guidance in drafting privacy policies. If you are looking up to some help or guidance about the privacy policy, then feel free to contact us.

    Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

    Free Cookie Audit

    Protect yourself. Get Compliant fast.
    Scan & Audit your Cookies - Fully customisable
    Cookie Consent Banner & create a Cookie
    Policy for FREE