1. Select your industry sector
2. Confirm your business processes
3. Generate your Privacy Policies
4. Our updates keep you in the green
Click here to create your Free GDPRWise account.
Principles for Processing Personal Data
Article 5 of the GDPR contains six principles by which all personal data must be processed.
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
Types of Personal Information You Handle
Personal data includes things like IP addresses and cookie data, so your website may process personal data from people who will never even contact your business.
Therefore, this part of the Privacy Policies can be split into two parts, such as “data that you give us” and “data that our website collects.”
How You Process Personal Data
Personal information about a person can be used for the following legal reasons:
Consent: Firstly, you have asked them for permission in a GDPR-compliant way.
Contract: You have a contract that says you have to take care of their personal information.
Legal requirement: You would be breaking the law if you didn’t process their personal information.
Vital interests: How you handle their personal information could affect their life, or the life of someone else.
You must use their personal information to do something that is good for the public.
Legitimate Interest: Lastly, you have a good reason to process their personal information, and you’ve done a Legitimate Interests Assessment.
Who You Share Personal Data With
GDPR doesn’t require you to make a list of all the companies with which you share data. Instead, you just need to list the different kinds of businesses (e.g. accounting firm etc).
Also, make sure you check the Terms and Conditions of any company with which you have a Data Processing Agreement.
International Transfers of Personal Data
These 8 rights are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (known as “the right to be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making
Our GDPR compliance software for SME can generate all of the documents that the GDPR regulation requires: