[GDPR Video] Get Your Privacy Policy GDPR-Ready with 3 Steps
Make your privacy policy GDPR-ready with these important tips from KJ Dearie, Product Specialist and Privacy Consultant at Termly.
You can watch her talking about the 3 important parts you need to have for a GDPR-ready privacy policy.
She’ll tell you how to make your privacy policy GDPR-ready:
- Make your privacy policy more transparent
- Make your privacy policy more comprehensive and specific
- Give users more control over their data
You can also read along as she explains it to you.
The 3 crucial parts of a GDPR-ready privacy policy
Privacy Consultant KJ Dearie from Termly shows you how to make sure your Privacy Policy is GDPR-compliant.
Watch the video below:
Here’s a transcript of the video if you’d like to read along while you listen to KJ:
The important aspects of a GDPR-compliant privacy policy
“Hi everybody, my name is KJ Dearie. I’m a product specialist for Termly and I want to talk to you about getting your privacy policy GDPR-ready.
Let me start off by saying that I’m not a lawyer and that to get your business GDPR-compliant, you should definitely consult with a legal team or a compliance team.
But, that being said, there are a few steps that you can take to get your privacy policy more GDPR-ready so let’s get into those.
Essentially, these are gonna look different between every business and every policy, but there are three big things to keep in mind and that’s gonna be:
- making your policy more transparent
- more comprehensive
- and then using it to give users some control over their data.”
Step 1: Make your privacy policy more transparent
“So making it more transparent—it’s gonna be in line with Article 12 of the GDPR, which says you need to use plain and clear language.
That’s a big thing and a big revolutionary stance on privacy practices and privacy policies, because before it was kind of the go-to that businesses would use a lot of legalese basically to disclose their data handling practices.
Now you want to cut out the legalese and you want to make your policy as easily comprehended and navigable as possible.
So there are a few things you can do besides using more clear language.
That’s going to be putting in a table of contents so that if a user comes to your policy with a question in mind they can navigate right to that section and get the answer they’re looking for.
Then another big thing that we recommend is putting in a section summary or a TL;DR so that a user can gather the information of that section of your policy without having to wade through any kind of legal jargon that you feel is necessary to keep in that policy.”
Step 2: Make your privacy policy more comprehensive and specific
“So that’s making it more transparent. Then, making it more comprehensive—basically there are quite a few things that you’re going to need to add to your policy, most likely, to make it more GDPR-friendly.
Let’s see, that’s gonna be:
- the legal bases on which you’re processing or handling data
- how you use information
- how you collect information
- what information you collect
- who you share it with if you transfer it internationally
- and then some necessary contact information like your DPO or your EEA representative
Each of those, again, is gonna look different. Basically, the key stance you want to take going forward is to be as granular and specific as possible.
So take for instance when you’re writing in what information you collect, you should really break this down into categories such as personal information you collect.
That’s going to be:
- contact data
- name
- credit card information
- email address
And then there’s information that might be collected through apps. So if you have an app then you’re probably collecting geo-location or you know various mobile device data.
Or there’s a kind of information or data that’s automatically collected if you use cookies or tracking technologies that would fit under that umbrella.
So there are so many more categories you could add into your policy and that different companies will have or will not have, but the key is to be granular and specific to outline every piece of data you collect and every data handling process that you engage in.”
Step 3: Give users more control over their data
“So that’s transparency, making it more comprehensive, and then using it to give users more control over their data.
Basically, you just want to write something into your policy that says if you would like to request to view, edit, modify, or delete your data from our servers, go here and provide them with a link, a form, a page or whatever, where they can go and request action be taken with their data since the GDPR under Articles 15, 16, and 17 grants them this right.
So that’s really important to put in there.
So, again, this is gonna look different for every company, every privacy policy, every industry in every business. But you definitely want to keep these three things in mind going forward and making your privacy policy more GDPR-friendly.
Right, I hope this helps you all and good luck!”