Privacy Policies and GDPR
Since GDPR has become enforceable, the impact of the law on privacy policies has been quite noticeable. Did you receive an influx of emails from your favorite companies notifying you of updates to their privacy policies? In an effort to create GDPR-compliant privacy policies, many organizations rushed to meet the May 25th, 2018 enforcement deadline. But what are some of the mistakes these companies are making while trying to comply with GDPR? In this webinar, you’ll learn how privacy policies have evolved from pre-GDPR to post-GDPR, examples of what to do and what not to do when developing your external and internal privacy policies, and resources that you can utilize to ensure that your privacy policies are GDPR compliant.
How Does GDPR Impact External Privacy Policies?
The primary intent of GDPR is to ensure that privacy policies are concise and written in clear, plain language. However, in the weeks since GDPR became enforceable, many privacy policies are not meeting these requirements. This may be due to organizations rushing to create what they believe to be GDPR-compliant privacy policies but has resulted in quite the opposite. We’re seeing privacy policies that have a higher reading level, longer word count, and longer reading time, making them much more difficult to understand than before GDPR when into effect.
How Does GDPR Impact Internal Privacy Policies?
Different from the policies that consumers will read, internal privacy policies should be established to inform all employees on how they should interact with personal data. Internal privacy policies are just as important as external privacy policies and should include the following to be GDPR compliant:
- Data minimization
- Purpose limitation
- Confidentiality/Non-disclosure agreements
- Data Protection Impact Assessment
- Coordination with designated representatives
- Records of processing
- Data subject rights
- Processor management
- Privacy by default and by design