The main focus of the General Data Protection Regulation (GDPR) is the protection of personal data and digital privacy.
- What personal information you collect
- How and why you collect it
- How you use it
- How you secure it
- Any third parties with access to it
- How users can control any aspects of this
Privacy Policies tend to be long, dense legal agreements with a lot of detailed information. Your users might feel intimidated by page after page of technical information, which is what the GDPR is working to avoid.
Note that each point doesn’t have to be a separate clause. As long as the information is somewhere in your Policy, it will work.
1. Who your Data Controller is
2. Contact information for the Data Controller
3. Whether you use data to make automated decisions
4. Inform users of the 8 rights they have have under the GDPR
5. Whether providing data is mandatory
6. Whether you transfer data internationally
7. What’s your legal basis for processing data