GDPR The Necessity of Adding a Privacy Policy to Your Website

GDPR is all about privacy, so it makes sense that a Privacy Policy is of the highest importance. It is so essential that it is actually required to be accessible from every page on your website.

Along with your other policies, the best place to link to this policy is in the footer section of each page. This keeps it out of the way of your marketing message but clearly fulfils the required criterion of having it easily accessible.


What Should Be in Your Privacy Policy

Article 13 of the GDPR is very prescriptive about the information that must be provided to the data subject at the time their personal data is collected. It states that the privacy policy should include the following information:

  1. the identity and the contact details of the controller
  2. the contact details of the data protection officer
  3. the purposes and legal basis for the processing
  4. where the processing is based on legitimate interests, details of what these are
  5. the recipients or categories of recipients of the personal data
  6. details of any transfer to a third country and details of the safeguards and the means by which to obtain a copy of them or where they have been made available
  7. the retention periods or the criteria used to determine that period
  8. details on the rights of access to and rectification/deletion of personal data, the right to object to processing and the right to data portability
  9. if processing is based on consent, the right to withdraw consent
  10. the right to lodge a complaint with the supervisory authority
  11. details on whether the data subject is obliged to provide the personal data and the consequences of failure to provide it
  12. details of any automated decision making, including details of the logic used and potential consequences for the individual

In addition, Article 12 outlines that information must be displayed in “a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child”. This not only affects the language which can be used (no more legalese or technical jargon), it also affects the format in which the information is displayed.

In the past, Privacy Policies could go on for pages and pages. The appearance of this in itself was off-putting, with the result that not too many people would read them in their entirety. There are varying methods of displaying a lot of information in a concise way; the one I favour most is the accordion method, an example of which you can find in my own Privacy Policy setup.

As the information that is contained within your Privacy Policy needs to be “easily visible, intelligible and clearly legible….and meaningful overview of the intended processing” (Article 12(7)), it is no longer acceptable to just use widely available templates for your policy. Each policy needs to be individualised to reflect the uniqueness of each business's specific setup in relation to how data is collected, used, stored etc.

While there is no doubt that GDPR is going to be somewhat of a headache for SMEs, the overall principle behind it, the rights and protection of people's personal data, is sound and is very much a good thing in general. If approached in the right way, creating your Privacy Policy can become a very useful tool for you and your business. By starting off on the right foot now, it can assist you in setting up better administrative structures and creating more streamlined methods of collecting and using data, as well as eliminating old stockpiles of non-essential, non-relevant files.

You can find more information on GDPR by downloading the Rights of Individuals under the General Data Protection Regulation from the Irish Data Protection Commissioner's website.

This has been the second of my five blog posts on actions you can take to at least show that a determined effort has been made to make your website GDPR compliant. As I publish the next three I will make them available below, so be sure to keep checking back to see them, or better still, get links to them sent directly to your inbox by signing up to my mailing list.

If you have found this post useful and informative, please feel free to share it with others so that they may get the benefit of it also. If you would like help to put your website on the path to GDPR compliance, then please do not hesitate to get in touch. I would be more than happy to help you out.


Disclaimer: GDPR is a serious topic and can have financial & legal ramifications for business owners that do not correctly comply. As I am not a legal professional, I make no claim that this article or subsequent articles definitively cover everything that website owners should know. As such, I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything and I accept no responsibility or liability for its accuracy.
