5 reasons why you need a GDPR-compliant privacy policy, and where to get one

So far, not enough attention has been placed on the need to update your privacy policy for the GDPR. We explain why that’s wrong, and set out 5 reasons why it should be at the top of your GDPR preparation list.

Updating your website’s privacy policy is a crucial step for achieving GDPR compliance - you simply cannot be GDPR-compliant without one. This article sets out 5 reasons why it’s so important to have a GDPR-compliant privacy policy and includes a unique discount code at the end for a recommended GDPR-compliant website documentation provider.

Much of the focus of GDPR related articles has so far been on the new concepts it introduces, such as data breach reporting, pseudonymisation, privacy impact assessments and privacy by design. Less focus, however, has been placed on more seemingly straightforward obligations, such as updating your website’s privacy policy (or putting one in place if you do not already have one).

Further consideration of the nature of a website privacy policy and the legislation itself quickly reveals why this analysis is incorrect and why updating your website’s privacy policy is one of the most important and cost-effective steps your business can take to prepare for the GDPR. Here are the 5 reasons:

1. It’s public

Your website is one of the few parts of your business affected by the GDPR which is public and therefore visible for anyone to see. This includes not only the Information Commissioner’s Office (ICO) itself, but also your customers and competitors, any one of whom could report you to the ICO for non-compliance, and the ICO is obliged to act on complaints they receive.

2. Highest fines

Failing to have a privacy policy, or having a non-compliant privacy policy is specified by Article 83(5)(b) of the GDPR as one of the breaches that should attract the highest fines of up to €20,000,000 or 4% of turnover, so if fines are your main concern, this is one of the most important obligations to get right. In fact, it exceeds the fines for failing to introduce data protection by design and by default into your business!

3. Easy to get wrong and easy for a breach to be shown

Because the GDPR’s requirements for privacy policies (Articles 12 to 22) are both general and prescriptive, they are very challenging to satisfy. Moreover, failure to meet a single requirement is an instant breach of the GDPR and, unlike many of the GDPR’s other requirements, can easily and instantly be proven.

Facebook has just been fined €1,200,000, in part for failing to be transparent in its privacy policy about how it collects and uses users’ data (and this is before the GDPR has even come into effect).

Moreover, an international investigation into privacy policies (including by the ICO) has found them to be ‘too vague’ and ‘generally inadequate’.

4. Affordable, high-quality solutions are available

Despite being one of the most important obligations the GDPR introduces, it is also (fortunately) one of the most cost-effective to meet. For £100 or less, you can obtain high-quality GDPR-compliant documentation for your website that can be adapted to work for your business. This is a fraction of what it generally costs to comply with the GDPR’s other obligations or to have a solicitor prepare such documentation for you, either of which can easily run into the £1000s. But be equally wary of cheap or free online ‘privacy policy’ sellers. Most are incomplete, non-compliant, overly technical, or simply impossible to adapt to the specific requirements of individual businesses, and most have never been reviewed or approved by a solicitor, which is a key point to check.

5. What it says about your business

Failing to have a GDPR-compliant privacy policy sends completely the wrong message about your organisation and the GDPR. It suggests publicly that you are either unaware of, or do not understand, its requirements, and it raises questions about whether you have implemented steps to meet its other, more onerous obligations (regardless of whether you have or not). Conversely, GDPR-compliant website documentation demonstrates to everyone that your business is up to date, that it cares about its customers and their privacy, and that it has visibly taken steps to comply with the new regime, which is a big part of what the GDPR is about.

If you have any questions about preparing your website for the GDPR or updating your privacy policy, please get in touch with us directly. We have data protection specialists who can assist.

GDPR Privacy Policy is a leading provider of GDPR-compliant website documentation. For £10 off their website documentation package (including a privacy policy) simply enter the word TEISS as the coupon code at the checkout when you purchase the documentation on their website.

Copyright Lyonsdown Limited 2021
