Privacy Policy: The ultimate checklist


Have you decided that it’s time to revise your privacy policy? 

Are you busy starting a new business? Have you recently launched a website or application? Or have you expanded into new markets and territories? Good for you! It might not be the most thrilling part of your work, but a well-crafted privacy policy brings a whole bunch of advantages. Unfortunately, it’s hard to get a sense of what you need to incorporate into your own privacy policy by looking at other organisations’ policies. Don’t worry, we’ve got you covered.

The checklist should include:

Your business and contact information. Specifically, include your organisation’s (and DPO’s) full name, address and any other contact information.

The categories of data you collect, how you collect it and the purpose of collecting it. Furthermore, describe the categories of personal information collected, sold, shared and disclosed within the preceding 12 months. State what types of information you collect, how you collect or source the data and what you intend to do with your users’ data.

The legal basis of data collection. Make sure the basis you list is a lawful basis for collection under the GDPR.

Consumer rights. Clearly describe the rights that the user or data subject you are collecting data from possesses, and how they can exercise these rights.

Who you share personal information with. Additionally, disclose whether or not you sell personal information or have sold certain categories of personal information in the last 12 months.

Whether the data will be transferred across borders and whether collection is voluntary or mandatory. Establish safeguards to enable a compliant data transfer and indicate which categories of collected data are required or optional.

Your data retention policies, security measures and financial incentive programs. Explain how long you intend to retain users’ data and what criteria you will use to determine when you’ll delete that data.

How you will communicate changes to your privacy policy and the effective date. As organisations evolve and laws change, your policies will too. As a result, you should tell users how you will let them know about future changes and show full transparency by including the effective date of your current privacy policy.

Follow this checklist and enjoy the peace of mind that comes with it.
