The GDPR policy – Compleye’s advisory advice 


The GDPR – yet another abbreviation to keep in mind. Please do. The General Data Protection Regulation is super important, since it governs the way in which personal data (yes, also yours) is gathered and handled in the European Union. Long story short: it tells you about your rights. Quite an important right, right? 

Society is now more data-driven than ever before. Therefore, the vast amount of stored sensitive data has resulted in a rise in cyber-attacks, data breaches and other things we would rather avoid. The GDPR, also known as the toughest privacy and security law in the world, responds to these problems.

The General Data Protection Regulation gives businesses a playing field and it makes the transfer of data between EU countries quicker and more transparent.

It also empowers EU citizens, by giving them more control over the ways in which their personal data is used. As long as you’re an identifiable, living person, you have some main rights that you can enforce at any point in time. 8 different rights, to be precise, according to the GDPR. Check them out:

  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erasure;
  5. The right to restrict processing;
  6. The right to data portability;
  7. The right to object;
  8. Rights around automated decision making and profiling.

Because of these rights, as a consumer or website visitor, you can e.g. demand that an organisation tells you how they use your data. So if you have a business, you should always know how to use the data of your customers. This way, you stay legally safe and you don’t fall into the tricks and traps that lead to fines, which are no laughing matter.

It’s important to think about the information that you want to address in the GDPR policy.

We would advise you to provide the information about the way data is collected and processed in an easy and accessible way, by keeping it brief, transparent and easy to understand. Nobody is going to search for the privacy policy for hours, just like nobody is going to read it when it’s 10 pages long.

So, which things do you need to address specifically? We will give you some examples. Who is the collector and who is the processor? Are you collecting and processing my data, or is someone else doing it for you? What kind of data do you collect? Is it just my e-mail address, or also my phone number, ID, bank account details etc.? And if you collect my personal data, where do you store them? And for how long? And for what purpose? 

Besides, it’s also important to mention data transfer. If you transfer personal data, you have to say where and to whom. Also don’t forget to lay out the GDPR rights of end users, which we have mentioned above. Furthermore, it’s also very important to give details about where the data subjects can go to complain. This means that if you’re active in the Netherlands, you mention the Data Protection Authority in The Hague. Lastly, if anything changes in the privacy policy (e.g. you stop collecting e-mail addresses), don’t forget to mention this in the policy. “This policy will be reviewed on the basis of the changes of the….” This also encourages users to periodically read the policy. Win-win.

Don’t forget to make the policy available at any time.

This means that users of your website or platform should be able to look into it whenever they want. If they can’t, they might go and file a complaint. For example, when a website is publishing your data without asking your consent, you can always rely on the GDPR policy.

Cookies – no, not the delicious and freshly baked variant – are private data as well, because they give information about where to locate you. Sometimes they are mentioned in the GDPR policy and sometimes they are mentioned separately. Just don’t forget to oversee the official information about the cookies that you collect as well.

To conclude, you might want to think twice before carelessly clicking the “yes” button when a website asks if it’s okay to use your information. And if you want to be totally safe and sure, we advise you to always – not just when there are red flags – read the privacy policy. Though, bear in mind that we are not legal advisers or experts. This article is an effort to consolidate and simplify the various sources of information across the world for easy understanding. We simply care about your privacy and security.