Articles 13 and 14 of the GDPR list what a privacy policy must contain. However, the list alone is of little help if no one understands what is written there.
The most common deficiencies regulatory authorities find are vague statements of purpose, missing information about storage duration, and no explanation of who data is shared with. Many write "legitimate interest" without explaining what that interest actually is.
A good privacy policy answers four questions in plain language—what we collect, why we collect it, who we share it with, and how long we keep it.
What does this mean for you?
Take five minutes and read your privacy policy as if you were a customer. Do you understand it? If not — rewrite it in plain English.
Inspired by: European Data Protection Board