5 reasons why you need a GDPR-compliant privacy policy, and where to get one -TEISS: Cracking Cyber Security


So far, too little attention has been paid to the need to update your privacy policy for the GDPR. We explain why that neglect is a mistake, and give 5 reasons why the privacy policy should be at the top of your GDPR preparation list.

Updating your website’s privacy policy is a crucial step for achieving GDPR compliance - you cannot be GDPR-compliant without one. This article sets out 5 reasons why it’s so important and includes a unique discount code at the end for a recommended GDPR-compliant website documentation provider.

Much of the focus of GDPR-related articles has so far been on the new concepts it introduces, such as data breach reporting, pseudonymisation, privacy impact assessments and privacy by design. Less focus has been placed on seemingly more straightforward obligations, such as updating your website’s privacy policy (or putting one in place if you do not already have one).

Closer consideration of what a website privacy policy is, and of the legislation itself, quickly shows why treating it as a minor task is a mistake, and why updating your website’s privacy policy is one of the most important and cost-effective steps your business can take to prepare for the GDPR. Here are the 5 reasons:

It’s public

Your website is one of the few parts of your business affected by the GDPR that is public and therefore visible to anyone. That includes not only the Information Commissioner’s Office (ICO) itself, but also your customers and competitors, any of whom could report you to the ICO for non-compliance, and the ICO is obliged to act on the complaints it receives.

Highest fines

Failing to have a privacy policy, or having a non-compliant one, falls under Article 83(5)(b) of the GDPR (infringements of data subjects’ rights under Articles 12 to 22), which is one of the categories of breach that attracts the highest tier of fines: up to €20,000,000 or 4% of total worldwide annual turnover, whichever is higher. If fines are your main concern, this is therefore one of the most important obligations to get right. In fact, it carries a higher maximum fine than failing to implement data protection by design and by default (Article 25), which falls under Article 83(4) and is capped at €10,000,000 or 2% of turnover.

Easy to get wrong and for a breach to be shown

Because the GDPR’s requirements for privacy policies (Articles 12 to 14, which set out how and what information must be given to data subjects) are both broad in scope and prescriptive in detail, they are challenging to satisfy in full. Moreover, failure to meet a single requirement is an immediate breach of the GDPR and, unlike many of the GDPR’s other requirements, can be proven easily and instantly simply by reading the published policy.

Facebook has just been fined €1,200,000, in part for failing to be transparent in its privacy policy about how it collects and uses users’ data (and this is before the GDPR has even come into effect).

Moreover, an international investigation into privacy policies (including by the ICO) has found them to be ‘too vague’ and ‘generally inadequate’.

Cost-effective to meet

Despite being one of the most important obligations the GDPR introduces, it is fortunately also one of the most cost-effective to meet. For £100 or less, you can obtain high-quality GDPR-compliant documentation for your website that can be adapted to your business. This is a fraction of what it generally costs to comply with the GDPR’s other obligations, or to have a solicitor prepare such documentation for you, either of which can easily run into the £1000s. But be equally wary of cheap or free online ‘privacy policy’ sellers. Most of their templates are incomplete, non-compliant, overly technical, or simply impossible to adapt to the specific requirements of an individual business (and have never been reviewed or approved by a solicitor).

What it says about your business

Failing to have a GDPR-compliant privacy policy sends completely the wrong message about your organisation and the GDPR. It suggests publicly that you are either unaware of, or do not understand, its requirements, and it raises questions about whether you have taken steps to meet its other, more onerous obligations, regardless of whether you actually have. On the flipside, compliant documentation demonstrates to everyone that your business is up to date, that it cares about its customers and their privacy, and that it has visibly taken steps to comply with the new regime.

If you have any questions about preparing your website for the GDPR or updating your privacy policy, please get in touch with us directly. We have data protection specialists who can assist.

GDPR Privacy Policy is a leading provider of GDPR-compliant website documentation. For £10 off their website documentation package (including a privacy policy) simply enter the word TEISS as the coupon code at the checkout when you purchase the documentation on their website.
