- The General Data Protection Regulation (GDPR) applies if you, the person the data is about, or the processing itself, is in a European Union country. It specifically requires you to publish certain information. Not doing so could also invalidate user consent that you may rely on to lawfully process personal data.
- What data you collect. Usually, you can list broad categories (such as “email address” or “precise location”) and then tell individuals about any specific extra information.
- How you use the data. Many laws say you must explain why you are using data and then only use it for that purpose.
- Whether you share the data. This can include selling data and sharing it with sister companies. If you send data to another country, you should say whether you’ve taken extra steps to make sure the person’s privacy rights remain protected.
- How people can access the data you hold about them. You’ll need clear contact details and an explanation of what information they can request. Most laws say people have the right to correct any mistakes and ask you to delete irrelevant or outdated data.
- How you protect the data. You should list the physical, technical and organizational measures you use to protect against unauthorized access, deletion or alteration.
Your Next Steps
- Privacy Policies
- Free Private Policy
Further reading and resources: