The General Data Protection Regulation (GDPR) is a European privacy law that goes into effect on May 25, 2018. GDPR sets new standards for how EU companies collect personal data and alert users about privacy information.
To prepare for the coming changes, many businesses that are located in the EU or have European clients may need to update their privacy policies so they can adhere to the new regulations.
Note: This resource does not constitute legal advice nor provide specific instructions on what your particular business should do. It is merely provided as a courtesy to give you an overview of GDPR and Privacy Policies. We are not based in the EU, nor are we legal experts! Please check specific GDPR requirements here: https://gdpr-info.eu/
Article 12 of the GDPR states that you need to deliver this information to clients in a way that is:
Concise, transparent, intelligible and easily accessible;
In clear and plain language; and
Free of charge.
For example, what happens if you have a data breach? As a small business owner, you may have never thought about this! But planning your response now will allow you to act quickly and appropriately if something ever were to happen.
Plus, now that privacy policies must be clear, concise, and intelligible, people will be able to understand how their data is used… which is good for everybody!
In summary, GDPR asks you to disclose the following:
What personal information you collect
How and why you collect this data
How data is used
How data is secured
If you share or sell data to any third parties
How users can get information about the data you have on them, raise a complaint, control how their data is used, or ask to be forgotten
All of this should be described in a way that is easy for the average person to understand. This information must be readily available for customers to access. Your goal is to make this information as easy to find, read, and understand as possible.
(For full detail about what should be included, please refer to Articles 13 and 14 of the GDPR. In addition, the ICO provides a great summary and resources for what you should include and disclose to customers.)
The Information Commissioner’s Office
ICO: Privacy Notice Checklist
ICO: Good And Bad Examples Of Privacy Notices
Full text of the GDPR