14 November 2017
Your website is one of the few parts of your business affected by the GDPR which is public and therefore visible for anyone to see. This includes not only the Information Commissioner’s Office (ICO) itself, but also your customers and competitors, any one of whom could report you to the ICO for non-compliance, and the ICO is obliged to act on complaints they receive.
Easy to get wrong and for a breach to be shown
Because the GDPR’s requirements for privacy policies (Articles 22 to 22) are both general and prescriptive, they are very challenging to satisfy. Moreover, failure to meet a single requirement is an instant breach of the GDPR and, unlike many of the GDPR’s other requirements, can easily and instantly be proven.
Moreover, an international investigation into privacy policies (including by the ICO) has found them to be ‘too vague’ and ‘generally inadequate’.
What it says about your business