How do I make sure my privacy policy is GDPR compliant?

Your privacy policy is the conduit through which you must communicate your privacy practices to users, customers and clients.

The policy must be concise, easy to understand and presented in an accessible form.

GDPR stipulates what content must be included in a privacy policy. Such content includes:

  • the identity of the organisation which collects and uses the personal data (e.g. its full name and contact information);
  • what personal data is collected (e.g. name, email address, telephone number);
  • how personal data is collected (e.g. through a contact form on the organisation’s website or via cookies);
  • why personal data is collected and the lawful basis which is being relied on to process the personal data (the lawful bases include consent, legitimate interest and necessity for the performance of a contract);
  • when personal data may be disclosed to third parties and the purpose of such disclosures;
  • when personal data is transferred outside the European Economic Area and details of the safeguards used to legitimise such a transfer;
  • details of the additional rights which individuals have in respect of their personal data (e.g. to request access to, deletion of or correction of their personal data, or to request that their personal data be transferred to another person).
