GDPR Readiness: How GDPR Impacts Privacy Policies

by Sarah Harvey / August 8th, 2018

Privacy Policies and GDPR

Since GDPR has become enforceable, the impact of the law on privacy policies has been quite noticeable. Did you receive an influx of emails from your favorite companies notifying you of updates to their privacy policies? In an effort to create GDPR-compliant privacy policies, many organizations rushed to meet the May 25th, 2018 enforcement deadline. But what are some of the mistakes these companies are making while trying to comply with GDPR? In this webinar, you‚Äôll learn how privacy policies have evolved from pre-GDPR to post-GDPR, examples of what to do and what not to do when developing your external and internal privacy policies, and resources that you can utilize to ensure that your privacy policies are GDPR compliant.

How Does GDPR Impact External Privacy Policies?

The primary intent of GDPR is to ensure that privacy policies are concise and written in clear, plain language. However, in the weeks since GDPR became enforceable, many privacy policies are not meeting these requirements. This may be due to organizations rushing to create what they believe to be GDPR-compliant privacy policies but has resulted in quite the opposite. We’re seeing privacy policies that have a higher reading level, longer word count, and longer reading time, making them much more difficult to understand than before GDPR when into effect.

So, what should your organization be doing to avoid these pitfalls? Focus on readability. It is paramount that your consumers actually able comprehend your privacy policy. If your privacy policy is filled with legalese, is too long, is combined with contracts, or doesn’t reference any conditional terms, you are doing not only a disservice to EU data subjects by failing to comply with GDPR, but you are putting your organization at risk to be hit with the steep fines and penalties for non-compliance.

How Does GDPR Impact Internal Privacy Policies?

Different from the policies that consumers will read, internal privacy policies should be established to inform all employees on how they should interact with personal data. Internal privacy policies are just as important as external privacy policies and should include the following to be GDPR compliant:

  • Data minimization
  • Purpose limitation
  • Confidentiality/Non-disclosure agreements
  • Data Protection Impact Assessment
  • Coordination with designated representatives
  • Records of processing
  • Data subject rights
  • Processor management
  • Training
  • Privacy by default and by design

To learn more about the impact GDPR has on privacy policies, download the full webinar. If you’re in the process of developing your organization’s privacy policy, let us help! Use our free GDPR Privacy Policy Checklist or contact us today to speak to a GDPR expert.