The Privacy Policy that you display on your website is an external policy telling users and potential clients, what personal data you are collecting about them, how and why and what you are using it for, whether you are sharing with anyone or if you are transferring their personal data outside of the EEA and so on. It is in essence your external GDPR window to the world!
A properly written Privacy Policy shows that you are complying with your obligations under the GDPR by processing personal data “lawfully, fairly and in a transparent manner”. Likewise, lack of one is like waving a red flag saying that you, as an organisation, are not GDPR compliant and that you don’t take seriously your users or client’s personal data. Clients, employees and anyone whose personal data you hold, now have a greater awareness of their rights and expect and trust organisations to safeguard their data and to be up-front and transparent about what you do with their personal data. This is what should be reflected in your Privacy Policy.
Additionally, not having a Privacy Policy on your website or by displaying a deficient Privacy Policy could lead to a fine by the Data Protection Commission as well as reputational damage to your organisation.
If you would like us to help update or draft a Privacy Policy for your website or for an informal chat about your GDPR compliance, please get in touch by emailing [email protected] or by calling (086) 075 9797.
By Adelaide White
Co-Founder and Director of Data Privacy International
