What should a GDPR-compliant privacy policy include?
In this post, we’ll look at a GDPR policy template and list everything you may need to make your privacy policy compliant!
The General Data Protection Regulation, at its most basic, specifies how personal data should be lawfully processed, including how it’s collected, used, protected or interacted with in general.
It’s meant to strengthen data protection for all people whose personal information fall within its scope of application.
When you collect users’ data, the GDPR requires that you show a privacy policy, whether if you run a website, an app, an eCommerce or a newsletter (these are just a few examples).
Your privacy policy should be clear and unambiguous, up-to-date and easily accessible throughout your website or app. It should state, at the very least:
As we said, these are just the basic elements.
For instance, you may also need to add the name and contact details of your Data Protection Officer (DPO), or EU representative if that applies to your company.
This article is a part of our series on GDPR and GDPR compliance. Read also:
Here’s a template of a GDPR-compliant privacy policy, generated with iubenda’s Privacy and Cookie Policy Generator.
Just click the button to open it!
Privacy PolicyNon-compliance can have strong consequences.
GDPR is well-known for its hefty fines, which can amount up to EUR 20 million (€20m) or 4% of the annual worldwide turnover – whichever is greater.
But perhaps equally as concerning are the other potential sanctions: official reprimands (for first-time violations), periodic data protection audits and liability damages.
iubenda set of tools can help you achieve GDPR compliance, in minutes. You can access our full range of GDPR solutions here.
Do you need a privacy policy? Check out our Privacy and Cookie Policy Generator!
It allows you to create a lawyer-crafted, precise privacy policy and to seamlessly integrate it with your website or app.
You can either add any of our +1700 pre-created clauses, or easily write your own custom clauses using the built-in form.
The privacy policy also comes with the option to include a cookie policy, which is necessary if your website or app is using cookies. The policies are customizable to your needs and remotely maintained by an international legal team.