5 reasons why you need a GDPR-compliant privacy policy, and where to get one

So far, not enough attention has been placed on the need to update your privacy policy for the GDPR. We explain why that’s wrong, and set out 5 reasons why it should be at the top of your GDPR preparation list.

Updating your website’s privacy policy is a crucial step for achieving GDPR compliance – you simply cannot be GDPR-compliant without one. This article sets out 5 reasons why it’s so important to have a GDPR-compliant privacy policy and includes a unique discount code at the end for a recommended GDPR-compliant website documentation provider.

Much of the focus of GDPR-related articles has so far been on the new concepts it introduces, such as data breach reporting, pseudonymisation, privacy impact assessments and privacy by design. Less focus, however, has been placed on seemingly more straightforward obligations, such as updating your website’s privacy policy (or putting one in place if you do not already have one).

Further consideration of the nature of a website privacy policy and the legislation itself quickly reveals why this analysis is incorrect and why updating your website’s privacy policy is one of the most important and cost-effective steps your business can take to prepare for the GDPR. Here are the 5 reasons:

It’s public

Your website is one of the few parts of your business affected by the GDPR which is public and therefore visible for anyone to see. This includes not only the Information Commissioner’s Office (ICO) itself, but also your customers and competitors, any one of whom could report you to the ICO for non-compliance, and the ICO is obliged to act on complaints they receive.

Highest fines

Failing to have a privacy policy, or having a non-compliant privacy policy, is specified by Article 83(5)(b) of the GDPR as one of the breaches that should attract the highest fines of up to €20,000,000 or 4% of turnover, so if fines are your main concern, this is one of the most important obligations to get right. In fact, it exceeds the fines for failing to introduce data protection by design and by default into your business!

Easy to get wrong and for a breach to be shown

Because the GDPR’s requirements for privacy policies (Articles 12 to 22) are both general and prescriptive, they are very challenging to satisfy. Moreover, failure to meet a single requirement is an instant breach of the GDPR and, unlike many of the GDPR’s other requirements, can easily and instantly be proven.

Facebook has just been fined €1,200,000, in part for failing to be transparent in its privacy policy about how it collects and uses users’ data (and this is before the GDPR has even come into effect).

Moreover, an international investigation into privacy policies (including by the ICO) has found them to be ‘too vague’ and ‘generally inadequate’.

Affordable, high quality solutions are available

Despite being one of the most important obligations the GDPR introduces, it is also (fortunately) one of the most cost-effective to meet. For £100 or less, you can obtain high-quality GDPR-compliant documentation for your website that can be adapted to work for your business. This is a fraction of what it generally costs to comply with the GDPR’s other obligations or to have a solicitor prepare such documentation for you, either of which can easily run into the £1000s. But be equally wary of cheap or free online ‘privacy policy’ sellers. Most are incomplete, non-compliant, overly technical, or simply impossible to adapt to the specific requirements of individual businesses, and they have usually never been reviewed or approved by a solicitor, which is a key point to check.

What it says about your business

Failing to have a GDPR-compliant privacy policy sends completely the wrong message about your organisation and the GDPR. It suggests publicly that you are either unaware of, or do not understand, its requirements, and it raises questions about whether you have implemented steps to meet its other, more onerous obligations (regardless of whether you have or not). Conversely, GDPR-compliant website documentation demonstrates to everyone that your business is up to date, that it cares about its customers and their privacy, and that it has visibly taken steps to comply with the new regime, which is a big part of what the GDPR is about.

If you have any questions about preparing your website for the GDPR or updating your privacy policy, please get in touch with us directly. We have data protection specialists who can assist.

GDPR Privacy Policy is a leading provider of GDPR-compliant website documentation. For £10 off their website documentation package (including a privacy policy) simply enter the word TEISS as the coupon code at the checkout when you purchase the documentation on their website.

Copyright Lyonsdown Limited 2021
