You’ve no doubt heard about the GDPR (General Data Protection Regulation), which focuses on the protection of personal data and digital privacy in general. Although the GDPR is aimed largely at businesses that either a) offer products/services, and/or b) collect personal information, the regulation applies regardless of where the business is located.
One of the goals of the GDPR is to simplify the language used in privacy policies so that the average user can understand exactly what is happening with the data they provide, without needing someone else (like a lawyer) to decipher your intent and your processes for handling their data.
Data collection and processing procedures need to be communicated in a way that is concise, transparent, intelligible, and in clear and plain language. This has been done to avoid the dense legalese that has been commonly used prior to the GDPR.
- Personal information: the specific information you collect that relates to the user as an identified or identifiable person
- How you collect the user’s information and why you’re collecting it
- How you are securing and protecting the data you’re collecting
- Information about third parties that have access to the information you’re collecting from your users
- If you use/store cookies
- How your user can control any part of the data collection, storage, or processing of their personal information
- Who your data controller is
- Contact information for the data controller
- Whether you use data to make automated decisions
- The 8 rights users have under the GDPR (which can be summarized as the right to access their data, request changes, and make deletions and corrections)
- Whether or not providing data is mandatory (and what happens if they don’t give personal data, such as not being able to create an account or receive emails)
- Whether you transfer data internationally
- What your legal basis for processing data is