Transparency is an important topic regarding data privacy protection according to the GDPR and informing the public about how their data are being used are two of the main goals of the GDPR. This document is an example of a website privacy notice and offers more information on how to adjust or write your privacy notice to help you to get your website, web-app, or e-commerce shop to comply with the EU data privacy directive.
What is GDPR?
The EU General Data Protection Regulation came into place in 2018. The regulation, which replaces the 1995 Data Protection Directive, makes changes to the way data is handled and processed in the EU. It is a legal framework that sets the exact guidelines for the collection and processing of personal information from any individuals who live in the European Union (EU).
Why GDPR is important for companies outside the EU?
First of all, GDPR isn’t exclusively enforceable on EU-based companies. The regulation affects organizations both inside and outside of the European Union (EU). Any organization dealing with EU businesses’, residents’, or citizens’ data will have to comply with the GDPR! The regulations makes it very clear that all organizations handling such data will be required to comply, regardless of location or jurisdiction.
Since the Regulation applies regardless of where the organization is based, you will also need to ensure your website is GDPR proof if that website attracts European visitors, even if you don't specifically market goods and/or services to EU citizens.
What is a privacy notice?
The definition of personal data includes names, addresses (physical, IP, and/or e-mail), telephone numbers, date of birth, and financial information, such as debit or credit card details.
How to make a website privacy notice according to the EU General Data Protection Regulation (GDPR) requirements?
Articles 12, 13, and 14 of the GDPR provide detailed instructions on how to create a privacy notice, placing an emphasis on making them easy to understand and accessible. If you are collecting data directly from someone, you have to provide them with your privacy notice at the moment you do so.
If an organization is collecting information from an individual directly, it must include the following information in its privacy notice, such as the identity and contact details of the organization, its representative, and its Data Protection Officer (DPO). According to the GDPR, organizations must provide people with a privacy notice that is:
- In a concise, transparent, intelligible, and easily accessible form
- Written in clear and plain language, particularly for any information addressed specifically to a child
- Delivered in a timely manner
- Provided free of charge
The GDPR also stipulates what information an organization must share in a privacy notice. There is a slight variation in requirements depending on whether an organization collects its data directly from an individual or receives it as a third party. Whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data.
Per Article 14(3), if you obtain personal data from a third party, you must communicate the above information to the data subject either: no later than one month after you have obtained the data, at the time you first communicate with the data subject, or before sharing the data with another organization.
GDPR privacy notice best practices
This kind of phrases are better when you want to comply with GDPR:
- “We will retain your shopping history and use details of the products you have previously purchased to make suggestions to you for other products which we believe you will also be interested in” (it is clear that what types of data will be processed, that the data subject will be subject to targeted advertisements for products and that their data will be used to enable this)
- “We will retain and evaluate information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive” (it is clear what type of data will be processed and the type of analysis which the controller is going to undertake)
- “We will keep a record of the articles on our website that you have clicked on and use that information to target advertising on this website to you that is relevant to your interests, which we have identified based on articles you have read” (it is clear what the personalization entails and how the interests attributed to the data subject have been identified)
Is the content above helpfull?
Thanks for letting us know!
Maddie Reilly - USA
Did not know it was so easy to find this document.
Vallie Christian - USA
Margot Massey - USA
Love the way that you website provides what i need
Sarita Small - USA
Anastasia Zavala - USA
Thanks for providing this sample
Erik Lopez - USA
Thanks for providing this document
Delivery Instant Download
Your file will be available for download once payment is confirmed. Here's how.
Our Latest Blog
- Document Editing and Creating in 2022
- How to Create Halloween Party Invitations? 2022
- Is it Good to Write a Cover Letter?
- Rejection Letters - How to Communicate with Unsuccessful Applicants?
We are standing by to assist you. Please keep in mind we are not licensed attorneys and cannot address any legal related questions.