What’s more, we regularly monitor our policies and templates to ensure they are up-to-date with current legislation, and notify you if they ever change.
If you have a website, this should be made available to your users, and clearly linked.
Under the GDPR, you should include the following information:
- What data you collect
- How you collect it
- What you do with that data
- Your legal basis for collecting that data
- How you keep it secure
- Whether you share it with third parties
- Whether you transfer data to countries outside of the EEA
- Whether you use automated decision-making
- Information of a users’ rights and how the user can exercise their rights
- Contact details of your Data Protection Officer (if you have one)
It must also be clear and concise, so that it is easily to understand and navigate. Even more stringent controls occur if you are collecting the personal data of children.