Privacy Policy : The ultimate checklist

Have you decided that it’s time to revise your privacy policy?

Are you busy with starting a new business? Have you recently launched a website or application? Or have you expanded into new markets and territories? Good for you! It might not be the most thrilling part of your work, but a well-crafted privacy policy brings a whole bunch of advantages. Unfortunately, it’s hard to get a sense of what you need to incorporate into your own privacy policy by looking at other organisations’ policies. Don’t worry, we’ve got you covered.

The checklist should include:

Your business and contact information. Specifically, include your organisations’ (and DPO’s) full name, address and any other contract information.

The categories of data you collect, how you collect it and the purpose of collecting it. Furthermore, describe the categories of personal information collected, sold, shared and disclosed within the preceding 12 months. What types of information you collect, how you collect or source data and what you intend to do with your users’ data.

The legal basis of data collection. Make sure the listed basis is legal for collection by the GDPR.

Consumer rights. Describe clearly the rights the user or data subject you are collecting data from, possesses and how they can exercise these rights.

Who you share personal information with. Additionally, disclose whether or not you sell personal information or have sold certain categories of personal information in the last 12 months.

Whether the data will be transferred across borders and whether it’s voluntary or mandatory collection. Establish safeguards to enable a compliant data transfer and indicate what categories of collected data are required or optional.

Your data retention policies, security measures and financial incentive programs. Explain how long you intend to retain users’ data and what criteria you will use to determine when you’ll delete that data.

How you will communicate changes to your privacy policy and the effective date. As organisations evolve and laws change, your policies will too. As a result, you should tell users how you will let them know about future changes and show full transparency by including the effective date of your current privacy policy.

Follow this checklist and enjoy the peace of mind that comes with it.

ISO 27001 Platform for Startups

All-in-One DIY Compliance Platform to help start-ups towards their ISO 27001, ISO 9001, or SOC-2 certification and stronger performance on privacy and security. Ready?

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Privacy Policy : The ultimate checklist

Have you decided that it’s time to revise your privacy policy?

The checklist should include:

Your business and contact information. Specifically, include your organisations’ (and DPO’s) full name, address and any other contract information.

The legal basis of data collection. Make sure the listed basis is legal for collection by the GDPR.

Consumer rights. Describe clearly the rights the user or data subject you are collecting data from, possesses and how they can exercise these rights.

Who you share personal information with. Additionally, disclose whether or not you sell personal information or have sold certain categories of personal information in the last 12 months.

Whether the data will be transferred across borders and whether it’s voluntary or mandatory collection. Establish safeguards to enable a compliant data transfer and indicate what categories of collected data are required or optional.

Your data retention policies, security measures and financial incentive programs. Explain how long you intend to retain users’ data and what criteria you will use to determine when you’ll delete that data.

Table of Contents

Are you in Amsterdam?
Visit our office.

Privacy Policy : The ultimate checklist

Have you decided that it’s time to revise your privacy policy?

The checklist should include:

Your business and contact information. Specifically, include your organisations’ (and DPO’s) full name, address and any other contract information.

The legal basis of data collection. Make sure the listed basis is legal for collection by the GDPR.

Consumer rights. Describe clearly the rights the user or data subject you are collecting data from, possesses and how they can exercise these rights.

Who you share personal information with. Additionally, disclose whether or not you sell personal information or have sold certain categories of personal information in the last 12 months.

Whether the data will be transferred across borders and whether it’s voluntary or mandatory collection. Establish safeguards to enable a compliant data transfer and indicate what categories of collected data are required or optional.

Your data retention policies, security measures and financial incentive programs. Explain how long you intend to retain users’ data and what criteria you will use to determine when you’ll delete that data.

Table of Contents

Are you in Amsterdam?Visit our office.

Are you in Amsterdam?
Visit our office.