The GDPR policy – Compleye’s advisory advice 

The GDPR policy - Compleye’s advisory advice | Compleye

The GDPR policy – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an important right, right? 

Society is now more data-driven than ever before. Therefore, there is a rise in cyber-attacks due to a vast amount of stores sensitive data, breaches and other things we would rather avoid. The GDPR, the toughest privacy and security law in the world, answers to these problematic phenomena. 

The General Data Protection Regulation gives businesses a playing field. It also makes the transfer of data between EU countries quicker and more transparent.

Also, it gives EU citizens more control over the ways in which their personal data is used. As long as you’re an identifiable, living person, you have some main rights that you can enforce at any point in time. 8 different rights, to be precise, according to the GDPR. Check them out:

  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erasure;
  5. The right to restrict processing;
  6. The right to data portability;
  7. The right to object;
  8. Rights around automated decision making and profiling.

So, as a consumer or website visitor who has these rights, you can e.g. demand from an organisation to tell you how they use your data. In that case, if you have a business, you should always know how to use the data of your customers. Therefore, you are legally safe and you don’t fall into tricks and traps with bad fines.

It’s important to think about the information that you want to address in the GDPR policy.

We advise you to keep the information, in which way data is collected and processed, in an easy and accessible way. Keep it brief, transparent and easy to understand. Nobody is going to search for the privacy policy for hours and also nobody is going to read it when it’s 10 pages long. 

So, which things do you need to address specifically? We will give you some examples. Who is the collector and who is the processor? Are you collecting and processing my data, or is someone else doing it for you? What kind of data do you collect? Is it just my e-mail address, or also my phone number, ID, bank account details etc.? And if you collect my personal data, where do you store them? And for how long? For what purpose? 

Besides, it’s also important to mention data transfer. If you transfer personal data, you have to say where and to whom. Also don’t forget to lay out the GDPR rights of end users, which we have mentioned above. Furthermore, it’s also very important to give details about where the data subjects can go to complain. This means that if you’re active in the Netherlands, you mention the Data Protection Authority in The Hague. Lastly, if anything changes in the privacy policy (e.g. you stop collecting e-mail addresses), don’t forget to mention this in the policy. “This policy will be reviewed on the basis of the changes of the….” This also encourages users to periodically read the policy. Win-win.

Don’t forget to make the policy available at any time.

Users of your website or platform should be able to look into it whenever they want. They might file a complaint if they’re not able to. For example, when a website is publishing your data without asking your consent, you can always rely on the GDPR policy. 

Cookies – no, not the delicious and freshly baked variant – are private data as well, because they give information about where to locate you. Sometimes they are mentioned in the GDPR and sometimes they are mentioned separately. Just don’t forget to oversee the official information about the cookies that you collect as well.

To conclude, you might want to think twice before carelessly clicking the “yes” button when a website asks if it’s okay to use your information. And if you want to be totally safe and sure, we advise you to always – not just when there are red flags – read the privacy policy. Though, bear in mind that we are not legal advisers or experts. This article is an effort to consolidate and simplify the various sources of information across the world for easy understanding. We simply care about your privacy and security.

Table of Contents

Compliance Platform for Tech Companies


All-in-One DIY Compliance Platform to help tech businesses towards their ISO 27001, ISO 9001, or SOC-2 certification and stronger performance on privacy and security. Ready?