The GDPR is complex and can have serious ramifications for your business. If you’d like to discuss the GDPR and how it impacts your business, get in contact.
I have written on privacy policies a bit before and covered in some detail the rise of the General Data Protection Regulation (GDPR) in the European Union (EU) and the various GDPR “loopholes.” It is real, it is here, and any business that may be doing business with a person or entity in the EU needs to comply.
To catch you up, the GDPR is a privacy regulation from the EU that took effect in 2018. It aimed to create a unified data privacy legal framework in the EU and to codify EU residents’ rights to data protection. It broadly applies to people and businesses that interface with EU residents — that is to say, you need not have an office in the EU for the GDPR to apply to you.
What does the GDPR require?
The identity of the data controller and data processor;
if you have a data protection officer, the contact information for that officer;
for what purpose you are utilizing collected data — legitimate interest;
how data is being processed;
where consent is required and how it is obtained;
data subject rights;
any vendors or subsidiaries you share data with and assurances they will comply with the GDPR;
whether and where you will transfer data across jurisdictions — especially out of the EU;
your data retention policies; and
how an individual can request their data be removed.
Please note, this is a boilerplate — that means it is not tailored at all to your specific needs. It should not be taken and used without thought, nor should sections be lifted from it and used unless you know their meaning and utility. Please get in touch if you want to discuss any of the ramifications for your business.