
GDPR Privacy Policy


One of the most important aspects of GDPR compliance is your Privacy Policy.

The GDPR has increased requirements for Privacy Policies, as well as for getting consent for your Policy terms. Learn more in this informative presentation.

Published in: Law

  1. GDPR Privacy Policy
  2. The General Data Protection Regulation (GDPR) took effect on May 25, 2018. If the GDPR applies to you, you’ll need to make sure your Privacy Policy is updated.
  3. Who the GDPR Applies to
  4. The GDPR applies to your business if you: offer goods or services to individuals in the EU, or collect personal data from (or monitor the behaviour of) individuals in the EU. The test is where the person is, not their citizenship.
  5. Note that it doesn’t matter where your business is located or headquartered. If you meet either of these criteria, the GDPR applies to you.
  6. For example, a U.S.-based business that simply collects email addresses from users in the EU falls under the scope of the GDPR.
  7. What the GDPR Requires
  8. The GDPR comes with a number of enhancements to the EU privacy law it replaced, the Data Protection Directive (95/46/EC): new responsibilities for Data Controllers; Data Processors are now directly covered by the law; and the new role of Data Protection Officer has been created.
  9. The main focus of the GDPR is the protection of personal data and digital privacy. Users must be provided with thorough information about how their personal data is processed. Here’s where your Privacy Policy comes in.
  10. GDPR-Compliant Privacy Policy
  11. Article 12 of the GDPR requires that you communicate information about your processing of personal data in a way that is: concise; transparent; intelligible; easily accessible; in clear and plain language; and free of charge.
  12. Most Privacy Policies tend to be long and dense, filled with legal jargon and less than clear for most readers. The GDPR is designed to change this.
  13. Update your Privacy Policy by: cutting out legalese; simplifying overly technical information; using short, clear sentences; and writing with your average user in mind.
  14. In addition to the standard required components of your Privacy Policy, your GDPR-compliant policy will need to disclose more information.
  15. The following 6 concepts must be covered somewhere in your Privacy Policy. They can be separate, standalone clauses, or integrated into other existing clauses. Just make sure you have the information somewhere in your Policy.
  16. 1. Who is your data controller? The data controller is the party that decides why and how personal data is processed (what is collected and what it is used for). Let users know whether this is your business or whether someone else is responsible for making this decision. In most cases, it will be your company.
  17. 2. Your contact information and your DPO’s contact information, if applicable. Make sure your users have a way to contact you. This is a fast, easy and important update to make to your Privacy Policy if needed.
  18. If you have a Data Protection Officer (DPO), include contact information for this individual as well.
  19. 3. The 8 rights of users under the GDPR. Inform users of these 8 rights. They don’t have to be explicitly listed out in your Privacy Policy, but each one should be addressed somewhere within it.
  20. The 8 rights of users: right to be informed; right of access; right to rectification; right to erasure; right to restrict processing; right to data portability; right to object; and rights in relation to automated decision-making and profiling.
  21. Twitter includes a separate section in its Privacy Policy that addresses some of these rights.
  22. 4. Your purposes for collecting the data. Let users know what purposes you use collected data for, such as communication and billing.
  23. 5. Do you transfer data internationally? Let users know if you transfer their personal data to a different country. Include a description and explanation of the suitable safeguards you have in place for the transfer, and how users can obtain a copy of them.
  24. 6. Your legal basis for processing data. The GDPR provides 6 lawful bases. You’ll likely satisfy this requirement in the clause that covers what data you collect and how you use it.
  25. For example: you collect email addresses for communication purposes, financial information for payment purposes, and set cookies to keep users signed in and remember their preferences.
  26. Getting Agreement and Consent to your Privacy Practices
  27. Whenever you get consent, use unticked checkboxes or another affirmative clickwrap action. Pre-ticked boxes, silence or inactivity do not count as consent under the GDPR (Recital 32), and you must be able to demonstrate that consent was given (Article 7), so record what was agreed to, when, and to which version of your Policy.
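As an added example that is not part of the original slides, here is how the server side of such a clickwrap form might treat a submission. The field names, the policy version string and the two sample forms are assumptions made for illustration. The code lints a template for pre-ticked boxes, rejects anything other than the boolean true coming from the checkbox (so a default or a coerced string fails), stores the policy version, purposes and time so that consent can be demonstrated later, and makes withdrawal a one-line operation.

```javascript
'use strict';
// Added example (not from the original slides): server-side handling of a
// clickwrap consent submission. Field names, the policy version string and
// the sample forms below are assumptions made for illustration.

const CURRENT_POLICY_VERSION = '2018-05-25'; // assumed identifier of the policy text the box refers to

// Constructed sample markup. The weak form ships the box pre-ticked, which
// Recital 32 says is not consent; the fixed form leaves it unticked and names
// the purpose next to the box.
const WEAK_FORM = '<form><input type="checkbox" name="consent" checked> I agree</form>';
const FIXED_FORM = '<form><input type="checkbox" name="consent" value="yes"> '
  + 'Send me the newsletter (see our Privacy Notice)</form>';

// Template lint: does any checkbox input carry a `checked` attribute?
function hasPreTickedCheckbox(html) {
  const tags = html.match(/<input\b[^>]*>/gi) || [];
  return tags.some((tag) =>
    /\btype\s*=\s*["']?checkbox\b/i.test(tag) && /\schecked(?=[\s>\/=])/i.test(tag));
}

// Build the record a controller keeps to demonstrate consent (Article 7(1)).
// `submission` is the parsed form body; `consentChecked` must be derived from
// the checkbox itself and be the boolean true, never a default or a string.
function recordConsent(submission, now = new Date()) {
  const { userId, consentChecked, policyVersion, purposes } = submission;
  if (typeof userId !== 'string' || userId === '') {
    throw new Error('consent must be tied to an identifiable user');
  }
  // Pre-ticked boxes, silence or inactivity are not consent (Recital 32).
  // An untouched checkbox arrives as undefined; 'on'/'true' strings are
  // rejected too so that a loosely coerced value cannot pass.
  if (consentChecked !== true) {
    throw new Error('consent requires an affirmative action by the user');
  }
  if (policyVersion !== CURRENT_POLICY_VERSION) {
    throw new Error(`consent refers to policy ${policyVersion}, current is ${CURRENT_POLICY_VERSION}`);
  }
  if (!Array.isArray(purposes) || purposes.length === 0) {
    throw new Error('consent must name at least one specific purpose');
  }
  return {
    userId,
    policyVersion,
    purposes: [...purposes],
    givenAt: now.toISOString(),
    withdrawnAt: null,
  };
}

// Withdrawal must be as easy as giving consent (Article 7(3)). Mark the
// record rather than deleting it so the history stays demonstrable.
function withdrawConsent(record, now = new Date()) {
  return { ...record, withdrawnAt: now.toISOString() };
}

// Before processing for a purpose, check the stored record still covers it.
function consentCovers(record, purpose, policyVersion = CURRENT_POLICY_VERSION) {
  return record.withdrawnAt === null
    && record.policyVersion === policyVersion
    && record.purposes.includes(purpose);
}

if (typeof require !== 'undefined' && require.main === module) {
  const rec = recordConsent({ userId: 'user-42', consentChecked: true,
    policyVersion: CURRENT_POLICY_VERSION, purposes: ['newsletter'] });
  console.log(rec, consentCovers(rec, 'newsletter'), consentCovers(rec, 'billing'));
  console.log('weak form pre-ticked:', hasPreTickedCheckbox(WEAK_FORM));
  console.log('fixed form pre-ticked:', hasPreTickedCheckbox(FIXED_FORM));
}
```

Tying the record to a policy version is a design choice: when the Policy changes in a way that affects the purposes, `consentCovers` stops returning true and the user is asked again, which is the behaviour the slides describe for getting fresh agreement to updated terms.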
  28. Have Privacy Notices
  29. Because the GDPR focuses on creating transparency and understanding for users, having Privacy Notices will help you be GDPR-compliant.
  30. A Privacy Notice is a short, concise notice that helps users understand why you’re requesting their personal data. It should be shown at the point where you request the data.
  31. The GDPR requires your Privacy Policy to be more informative, but it also requires that you provide this information in a simple, clear way.
  32. To summarize: review the language in your Privacy Policy and drop the legalese so that your average user can understand it; update your Privacy Policy with the additional information required by the GDPR; use clickwrap when getting agreement and consent; and add Privacy Notices to help users understand what they’re consenting to.