(1) Link to https://termsfeed.com/blog/gdpr-compliance-plan/#Requirements_for_GDPR_Data_Controllers
(2) Link to https://termsfeed.com/blog/gdpr-compliance-plan/#Requirements_for_GDPR_Data_Processors
(3) Link to https://termsfeed.com/blog/data-protection-officer-dpo/
The GDPR comes with a number of enhancements
to the current privacy law in the UK - the Data
New responsibilities (1) for Data Controllers
Data Processors (2) are now covered by the law
The new role of Data Protection Officer (3) has
The main focus of the GDPR is the protection of
personal data and digital privacy.
Users must be provided with thorough information
about how their personal data is processed.
(4) Link to https://gdpr-info.eu/art-12-gdpr/
Article 12 of the GDPR (4) requires that
you communicate information about your
processing of personal data in a way
In clear and plain language
Free of charge
Most Privacy Policies tend to be long and
dense, filled with legal jargon and less than
clear for most readers.
The GDPR is working to avoid this.
Cutting out legalese
Simplifying overly technical information
Using short, clear sentences
Writing with your average user in mind
In addition to the standard required components
policy will need to disclose more information.
(5) Link to https://termsfeed.com/blog/gdpr-privacy-policy/#Have_a_Privacy_Policy
The following 6 concepts must be covered
They can be separate, standalone clauses,
or integrated into other existing clauses.
Just make sure you have the information
somewhere in your Policy.
1. Who is your data controller?
The data controller is the party in charge of
deciding what personal data is collected.
Let users know if this is your business or if
someone else is responsible for making
this important decision.
In most cases, it will be your company.
Make sure your users have a way to
This is a fast, easy and important
2. Your contact information and your
DPO’s contact information, if applicable
If you have a Data Protection Officer (DPO),
include contact information for this individual
(6) Link to https://www.vividfish.co.uk/blog/gdpr-8-rights-under-gdpr
3. The 8 rights of users under the GDPR
Inform users of these 8 rights (6).
They don’t have to be explicitly listed out in
be addressed somewhere within it.
The 8 rights of users:
Right to be informed
Right of access
Right of rectification
Right to erasure
Right to restrict data processing
Right to data portability
Right to object
Rights of automated decision-making
address some of these rights:
4. Your purposes for collecting the data
Let users know what purposes you
use collected data for, such as for
communication and billing.
5. Do you transfer data internationally?
Let users know if you transfer their
personal data to a different country.
Include a description and explanation
of suitable safeguards you have in
place for the transfer, and how users
can obtain a copy of them.
6. Your legal basis for processing data
The GDPR provides 6 lawful bases (7).
You’ll likely satisfy this requirement in
your clause that covers what data you
collect and how you use it.
(7) Link to https://gdpr-info.eu/art-6-gdpr/
For example, you collect email addresses for communication purposes,
financial information for payment purposes, place cookies to remember
passwords and user preferences, etc.
Getting Agreement and
Consent to your Privacy
Whenever you get consent, use
checkmark boxes or another active
method of clickwrap (8).
(8) Link to https://termsfeed.com/blog/examples-click-accept/
Because the GDPR focuses on creating
transparency and understanding for users,
having Privacy Notices will help you be
A Privacy Notice is a short, concise notice that
helps users understand why you’re requesting
their personal data.
They should be available at the point where
you’re requesting to collect the data.
be more informative.
However, it requires that you provide this
information in a simplified, clear way.
drop the legalese. Make it easy for your
average user to understand.
information required by the GDPR
Use clickwrap when getting agreement and
Add Privacy Notices to help users understand
what they’re consenting to