How to do it right!
What mistakes should I avoid?
1. No more technical jargon: how to inform in an understandable way!
Article 12 EU GDPR:
“The controller shall take appropriate measures to provide the data subject with all information […] relating to the processing in a precise, transparent, intelligible and easily accessible form, using clear and plain language.”
This means that the privacy statement can fulfill its actual function only if the information is presented in an easily digestible way and worded so that it is easy to understand.
The grandparent test for privacy statements:
Potentially the biggest challenge for companies is telling users how their data will be treated in privacy policies in a way that is easy for users to understand, yet goes far enough to protect the company from potential litigation.
“Do what you say, and say what you do.”
Who should sign off on the privacy statement?
A company’s CEOs and board should have the final say. However, the content should be drafted in advance by a lawyer or data protection officer. The IT team and sales department will also come into contact with and use customer data at some point. Therefore, it is best practice for them to provide input on the policy or at least review a draft to ensure that what is communicated about company practices is consistent with their department’s data use.
Be as specific as possible in describing your data handling practices, and then make sure that the rest of the company’s practices do not deviate from those descriptions.