GDPR Compliant Privacy Policy Template
What is a GDPR Privacy Policy?
A GDPR Privacy Policy is the policy that says how you collect and use user data in line with the requirements of the GDPR.
A Privacy Policy is required by many privacy laws, and under the GDPR it’s one of the most important documents your business needs to have. Additionally, it’s the only way to show your customers, and the government, that you care about keeping their information safe. This is why the GDPR compliant Privacy Policy template is so important to have.
Why is a GDPR compliant privacy policy so important?
Your business can show customers that they can trust you with their personal information if you have a Privacy Policy. It’s also a chance to find out how much personal information your company has, and whether it follows the law when it comes to protecting that information.
GDPR Compliant Privacy Policy Template
Our GDPR Compliant Privacy Policy template, generated by our GDPR compliance software, will allow you to generate a privacy policy for your business site. Follow these few easy steps:
1. Select your industry sector
2. Confirm your business processes
3. Generate your Privacy Policies
4. Our updates keep you in the green
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your small or medium business. We have done 80% of the work; you just have to validate and refine.
Let’s look at what you’ll need to include in your GDPR compliant Privacy Policy template.
Introduction
Start your Privacy Policy with a short description of your company and what your Privacy Policy is. Enter the date when the Privacy Policy starts to apply (the “effective date”).
Definitions
To make your Privacy Policy easier for the average person to read and understand, make sure to define any terms that might not be clear, or that have very specific legal meanings that might not be obvious or widely known.
Article 12 of the GDPR says that your Privacy Policy needs to be written in clear, simple language. Because of this, you should try, as much as possible, to avoid using legal terms.
Still, legal terms can’t always be avoided, so you should have a section in your GDPR Privacy Policy Template where you explain what key terms mean.
Principles for Processing Personal Data
Article 5 of the GDPR contains six principles by which all personal data must be processed.
They are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
Types of Personal Information You Handle
Inform your users in your Privacy Policy what personal information you collect and how you use it.
Personal data includes things like IP addresses and cookie data, so your website may process personal data from people who will never even contact your business.
Therefore, this part of the Privacy Policy can be split into two parts, such as “data that you give us” and “data that our website collects.”
How You Process Personal Data
The “purpose limitation” and “data minimisation” principles say that you should only use personal information when you have a legitimate reason. In your Privacy Policy, you must say why you want to process personal data.
Personal information about a person can be used for the following legal reasons:
- Consent: You have asked them for permission in a GDPR-compliant way.
- Contract: You have a contract that says you have to take care of their personal information.
- Legal requirement: You would be breaking the law if you didn’t process their personal information.
- Vital interests: How you handle their personal information could affect their life, or the life of someone else.
- Public task: You must use their personal information to do something that is good for the public.
- Legitimate interest: You have a good reason to process their personal information, and you’ve done a Legitimate Interests Assessment.
Your Privacy Policy must specify the legal grounds for processing.
Who You Share Personal Data With
Under the GDPR, you can share personal information as long as you are honest about it and you have a good reason to do so. In your Privacy Policy, you should say who you share personal information with and how you share it.
GDPR doesn’t require you to make a list of all the companies with which you share data. Instead, you just need to list the different kinds of businesses (e.g. accounting firms).
Also, make sure you check the Terms and Conditions of any company with which you have a Data Processing Agreement.
International Transfers of Personal Data
If you send personal information outside the EU, your Privacy Policy needs to say so.
Under the GDPR, you can only send personal information outside of the EU if you have a valid reason. In this part of your Privacy Policy, you should explain how you proceed with international data transfers.
Data Rights
The GDPR gives people eight rights about how their personal data is used. Therefore, your Privacy Policy should inform users what rights they have, and how to exercise them.
These eight rights are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (known as “the right to be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making
Changes to Your Privacy Policy
People should know that you might need to change your Privacy Policy, and how you’ll inform them when you do. Your Privacy Policy should also be easy for everyone who interacts with your business to see and read.
You might not need your customers to “agree” to your Privacy Policy the same way they agree to your Terms and Conditions, or Returns and Refunds Policy, but you should try to make sure they’ve read it. You can also ask for proof that they have done so.
GDPR Compliant Privacy Policy on Your Website
Include a link to your Privacy Policy in a footer that appears on every page of your website. It can be placed alongside other policies, such as your Terms and Conditions and Acceptable Use Policy.
Drafting a GDPR compliant Privacy Policy template for your company is a complex task, so consider using our GDPR compliance tool to make it easier. With our GDPR compliance generator, you can get your compliant GDPR Privacy Policy template ready to implement on your site in a few easy steps.
Our GDPR compliance software for SMEs can generate all of the documents that the GDPR regulation requires:
- Your Privacy Policy, which should be put on your website
- A Privacy Policy for your employees, which should be in a separate file
- A Data Sharing Agreement
- A GDPR Register