Your privacy policy is a living document. It grows and changes with your data practices to accurately reflect your organisation’s methods of handling data. For this reason, your privacy policy has to evolve and be updated over time. Let’s find out more in this article.
What is a privacy policy?
The privacy policy is one of the main documents of any website, no matter its size (a small blog with no revenue, a corporate website, an e-commerce site, an educational establishment's site, etc.). It informs users about how their personal data is handled.
This includes knowing:
- Which data is collected;
- How and why it is collected;
- How long it is stored for;
- Who it might be shared with.
It also covers individuals' privacy rights and how to exercise them.
Thus, the privacy policy must be accessible to your users in a dedicated area of your website, and must be written in simple, readable language.
Your privacy policy should be promoted to your audience by ensuring it is as accessible as possible. One way to do so is via a link in the footer of your website, and a link on all your forms that collect users' information.
Why does the GDPR require you to update your privacy policy?
This legal document is intended to evolve over time, simply because it describes the processing of personal data that your company carries out. That processing changes and expands, which means the privacy policy on your website has to be updated.
You will therefore have to update your privacy policy regularly:
- Because you create a new data processing operation or significantly modify an existing one. For example, you change or add a subcontractor, you create a processing operation involving a new purpose, or you start processing sensitive data.
- Because writing standards evolve over time. Regulators are becoming more and more interested in this topic. The trend is to remove legal jargon and words that are too technical, and to move towards clear, simple and intelligible texts.
Template, privacy policy generator… wrong idea?
Writing a privacy policy is perhaps one of the least difficult things to do today… because privacy policies are public documents. Drawing inspiration from existing online texts, or simply copying and pasting them, seems the easier thing to do. But these documents may be protected by copyright, may be specific to one company's processing of personal data, or, on the contrary, may be too generic.
However, there are privacy policy generators and GDPR privacy policy templates.
Good idea or not?
The main problem is that these headings remain rather generic, whereas the privacy policy must absolutely be adapted to your company and your activity:
- by mentioning the purposes of the data processing you are carrying out;
- by specifying the existence of data transfers outside the European Union, which often depend on the IT solutions you use;
- etc.
Many merchants do not have the necessary skills, and often do not have the time to adapt the content of their policies to their activities. They therefore publish what they find online. Publishing a non-customised privacy policy that does not contain all the information required by the GDPR and the ePrivacy regulation is a risky decision. It can have real consequences for your brand image, and can result in fines.
It is therefore recommended to consult an expert lawyer or to use specialised tools.
The Admeet tool allows you to create a privacy policy that is:
- clear and easy to understand;
- multilingual;
- adapted to all types of devices (phone, laptop, etc.);
- adapted to your brand identity and communication tone of voice.
Make your website GDPR compliant quickly and easily.
How do you update your privacy policy?
In order to keep your privacy policy up to date, you need to consider several steps:
- Be able to edit it easily. You won’t change it every day, but it would be a shame to have to wait several days or weeks for an internal developer or service provider to publish a new version of the policy.
- Include a paragraph in your privacy policy stating that it can be changed at any time.
- Highlight the date of the last update.
Do you need to notify your users of the change?
Every time you make a substantial change to the way you collect, use, store, or share data, you need to notify your users of the change.
There are simple notification methods that maximise transparency. These are:
- sending an e-mail or SMS to announce the changes;
- using a notification on your website to announce the update.
Conclusion: Keep your privacy policy up to date
The privacy policy is not a “one shot”, a static document. It grows and changes with your data practices to accurately reflect your organisation’s processing of personal data at that moment in time. It is a living document that you should definitely update on a regular basis.
The privacy policy is therefore intended to evolve to integrate new regulatory standards such as:
- Additional information on specific topics required by the regulatory authorities;
- Changes in writing techniques to make the information easier to read.
Therefore, to ensure you don’t miss anything that could leave your business exposed, we recommend reviewing your policy on a regular and scheduled basis.
Moreover, keep in mind that the privacy policy is only one of the steps in bringing a company website into line with the GDPR. Don’t forget to think about cookies and tracking technologies by having a compliant cookie policy and cookie banner.
Need website policies fast?
Not to worry, a tool such as the one proposed by Admeet will help you make your website GDPR compliant. Be as transparent as possible about how you protect your users' data by integrating visual, clear and compliant legal documentation.