GDPR Privacy Notice Template
Definition of GDPR
GDPR is a European Union regulation on data protection and privacy for the personal data of citizens of all EU member states. It also addresses the transfer of personal data outside the EU.
The goal of the GDPR is to grant individuals rights over their personal data, and to simplify the regulatory environment for international business.
Privacy Notice
A privacy notice is required by the GDPR, and its goal is to allow customers of an organization to understand how their personal data is being used, stored, protected, and deleted.
It also allows them to query the organization about the policies, procedures, and methods used for collecting and processing data.
Customers can also use the notice to request that the organization not use their personal data in a certain way.
Required Fields in Privacy Notice Template
The notice must include the following information:
- Company details: Name, address, general e-mail and phone number, and the type of company (public, private, freelance, consulting firm)
- DPO details: Name, title, e-mail, and phone number
- Data Processing Information: Type of data collected, data source, and how the data is used, stored, and used for marketing
- Data Protection Rights: Sets out the customers' rights (access, rectification, erasure, restriction of processing, objection to processing, data portability)
- Use of Cookies: Explanation, use, and management possibilities
- Privacy Policy: Updates to the policy (location, frequency, etc.), contact information, and the contact information of the appropriate authority
Contacts and Escalations
Who can assist with any questions, and to whom conflicts should be escalated.
Roles and Responsibilities
DPO:
Is in charge of approving all processes and policies that pertain to the GDPR and ensuring that they comply with its statutes and regulations. This role is required by the GDPR, and is the compliance SME of the IT department.
Documentation SME:
Writes the notice so that it complies with the GDPR statutes, is easily understood, and references the relevant material. The SME is also in charge of maintaining the notice and updating it if and when the GDPR statutes are updated.
Legal SME:
Ensures that the notice complies with the rules and laws of the country in which the organization is based.
PMO:
Collates the information from all the parties involved in a data breach and its notification.