Documentation

How to Update Your Documents to Get Your GDPR Privacy and Cookie Policy

As you probably already know: the GDPR (General Data Protection Regulation) will become fully enforceable on May 25th 2018.

In order to get a full GDPR privacy policy and related cookie policy, please follow the below process.

How can I include the new GDPR related text in my policy?

All newly created privacy and cookie policies get the new text automatically.

All existing policies need to turn on the GDPR text switch to enable it. The switch is called “Enable GDPR wording”. In order to locate the switch you need to enter the editing of your privacy policy, which can be found via “Dashboard -> then click on your policy -> and go to “edit” from the privacy policy section.

Next to the switch you will find a link which previews the new GDPR related text. So please feel free to go through the text.

Generally, we recommend sending a notice to your users in order to inform them about the GDPR update. You can find a summary of what changes we’ve introduced at the bottom of this post.

When do I need to take action for my existing privacy and cookie policies?

We will eventually apply this change to all existing policies. So please take a few minutes to apply the outlined change in order to have your iubenda GDPR privacy policy ready by May 25th 2018.

Possibility to apply the new GDPR text to either EU users only or to all users

Given that the GDPR is an EU directive we offer the option to apply the new GDPR wording only when European data protection legislation applies. This means that the GDPR related provisions will then only apply to users who you are required to offer the rights to. You can always choose to apply that text to all users by choosing this option.

Please note: European users are not allowed to exclude certain types of users from the rights awarded by the GDPR. This is however not automatically set up by us.

You can find the switch here:

  • log into your privacy policy admin area
  • enter the editing of your privacy policy, which can be found via “Dashboard -> then click on your policy -> and go to “edit” from the privacy policy section
  • there’s a box housing the switch to enable the GDPR text called “Enable GDPR wording”
  • under the heading “Apply GDPR`s broader protection standards to ”choose from “Apply to all users” (default option) or “Apply to EU users only

This allows you to consider your specific case and react to where your users/clients are based and choose accordingly.

Want to learn more about the GDPR? Please have a look at our detailed GDPR guide.

What changes have been made to the policy text?

In addition to the above information, you can find a summary of the changes introduced in reaction to the requirements of the GDPR here.

Depending on the type of privacy policy you choose, here are the changes for each of these policies compared to the earlier iubenda policies:

Version GDPR texts for everyone

  • general: improvements in readability
  • added: a section outlining the legal basis of processing
  • rewritten large parts: the section about the place of processing is now explicit about data transfers and the user’s informational rights regarding such transfers.
  • rewritten: retention time now outlines the rationale behind any retention periods of user data.
  • added: we’ve added a dedicated user rights section to accommodate rights required by the GDPR.
  • rewritten small parts: the changes to this privacy policy section has been updated to account for GDPR rules.
  • rewritten small parts: the definitions section was updated to account for GDPR wording.
  • rewritten: the legal information section was updated to precisely describe the basis of the privacy policy wording.
  • rewritten small parts: the cookie policy text has been rewritten to use the same terminology as the privacy policy and therefore play well with the rest of the system.

Version GDPR texts only when European data protection legislation applies

  • general: improvements in readability
  • added: a section explaining that this privacy policy text follows two differing standards depending on which legislation applies to the user. This standard is explicitly mentioned within all of the privacy policy where differences are applicable.
  • added: a section outlining the legal basis of processing
  • rewritten large parts: the section about the place of processing is now explicit about data transfers and the user’s informational rights regarding such transfers.
  • rewritten: retention time now outlines the rationale behind any retention periods of user data.
  • added: we’ve added a dedicated user rights section to accommodate rights required by the GDPR.
  • added: a section that outlines when the broader of the differing standards apply to users.
  • rewritten small parts: the changes to this privacy policy section has been updated to account for GDPR rules.
  • rewritten small parts: the definitions section was updated to account for GDPR wording.
  • rewritten: the legal information section was updated to precisely describe the basis of the privacy policy wording.
  • rewritten small parts: the cookie policy text has been rewritten to use the same terminology as the privacy policy and therefore play well with the rest of the system.

Want to learn more about providing a GDPR privacy policy? Please have a look at our guidance to choose the right services.

Still have questions?

Visit our support forum Email us