GDPR Privacy Policy

If your company operates in the European Union (EU) in some way, you need to make sure its privacy policy complies with the General Data Protection Regulation (GDPR). Failing to comply can result in hefty fines. This guide defines the GDPR and what you need to know to compose a compliant privacy policy.
The GDPR is a data protection law that came into effect in 2018 and replaced the Data Protection Act of 1998. The GDPR is designed to give EU citizens more control over how their personal information is collected and used by organisations. The law requires organisations to outline what information they collect, why, and what they do with it in a clearly defined privacy policy.
The fine for violating the law can be up to 4% of your company's global revenue or €20 million, whichever is higher.
According to the Office of the Australian Information Commissioner, an Australian company must have a GDPR policy if it:
You should clearly display your company's GDPR policy on your website. It is recommended that you use a popup or checkbox to confirm that users consent to the way you will use their personal data.
The GDPR requirements go further than previous European policies and Australian privacy law. The GDPR expands the definition of "personal data" beyond personal details to include location data, online identification, genetic information, and so on.
GDPR requires users to be able to opt in to provide consent for the collection of their data. Organisations are directly responsible for their compliance with the legislation, and they are required to report data breaches within 72 hours.
A GDPR privacy policy includes specific details of how a company collects, uses and stores user data, customers' rights and how the company will comply with the legislation.
A GDPR privacy policy must include identity and contact details of the organisation and its data protection officer. It should include clauses that explain how and why the company will:
The policy should also include how long the organisation will retain the data and how it will decide the time period; that users have the right to withdraw consent or lodge a complaint; whether users are required to provide personal data and the consequences if they do not provide the information.
A GDPR policy must be tailored specifically to the audience, so you should not use the same notice for different situations. You may need to adjust the content and translate the language of your privacy policy for different customer groups or versions of your website.
GDPR policy notices should avoid unnecessary legal jargon and technical terminology that will be difficult for readers to understand easily.
A clear GDPR privacy policy document is important for making sure that your business complies with the EU legislation. It can provide an effective defence in the event there is a legal challenge against the way customer data is used.
You do not need a lawyer to write a GDPR-compliant policy. However, consulting a data protection lawyer who has specific knowledge of the European legislation can help ensure your company's policy meets the requirements.
GDPR requires that you write your company's privacy policy in clear language so that users are well informed of how their data will be used. The wording should be "in a concise, transparent, intelligible, and easily accessible form".
Policy notices should avoid using vague qualifiers such as "might," "some," or "often" that create ambiguity and provide loopholes. Sentences should be well structured in the active voice and use bullet points to highlight specific areas.
The European Commission provides guidelines on how to write a compliant policy, with examples of good and bad practice. Some law firms provide GDPR privacy policy templates you can use to help get started.