Documentation

GDPR changes to the iubenda Privacy and Cookie Policies

The General Data Protection Regulation (GDPR) is the new European privacy regulation, fully applicable from 25 May 2018. All privacy and cookie policies generated with iubenda are compliant with the GDPR, with the possibility of apply the protection standards defined by the regulation only to European users or to all users.

How to apply the GDPR model only to EU users or to all users

Given that the GDPR is an EU directive we offer the option to apply the new GDPR wording only when European data protection legislation applies. Using this option, the GDPR related text and provisions will then only apply to users who you are required to offer the rights to. However, you can also choose to apply that text to all users by choosing the “All Users” option.

Important (the following applies to European users)

If you are a European user, you are not allowed to exclude certain types of users from the rights awarded by the GDPR. This means European users must always apply the GDPR protections to ALL users (it’s the law). This is however not automatically set up by us (meaning that you still have the physical option to toggle this switch as you choose, so you ultimately decide if to honor the law or not in this regard. We of course STRONGLY recommend following the law and applying the protections to all users.

GDPR and EU standards

You can find the switch here:

  • log into your privacy policy admin area
  • enter the editing of your privacy policy, which can be found via Dashboard -> then click on your policy -> and go to “edit” from the privacy policy section
  • there’s a box housing the switch to enable the GDPR text called “Enable GDPR wording”
  • under the heading “Apply GDPR’s broader protection standards to” choose from “Apply to all users” (default option) or “Apply to EU users only

This allows you to consider your specific case and react to where your users/clients are based and choose accordingly.

Want to learn more about the GDPR? Please have a look at our detailed GDPR guide.

What changes have been made to the policy text?

In addition to the above information, you can find a summary of the changes introduced in reaction to the requirements of the GDPR here.

Depending on the type of privacy policy you choose, here are the changes for each of these policies compared to the earlier iubenda policies:

Version GDPR texts for everyone

  • general: improvements in readability
  • added: a section outlining the legal basis of processing
  • rewritten large parts: the section about the place of processing is now explicit about data transfers and the user’s informational rights regarding such transfers
  • rewritten: retention time now outlines the rationale behind any retention periods of user data
  • added: we’ve added a dedicated user rights section to accommodate rights required by the GDPR
  • rewritten small parts: the changes to this privacy policy section has been updated to account for GDPR rules
  • rewritten small parts: the definitions section was updated to account for GDPR wording
  • rewritten: the legal information section was updated to precisely describe the basis of the privacy policy wording
  • rewritten small parts: the cookie policy text has been rewritten to use the same terminology as the privacy policy and therefore play well with the rest of the system

Version GDPR texts only when European data protection legislation applies

  • general: improvements in readability
  • added: a section explaining that this privacy policy text follows two differing standards depending on which legislation applies to the user. This standard is explicitly mentioned within all of the privacy policy where differences are applicable
  • added: a section outlining the legal basis of processing
  • rewritten large parts: the section about the place of processing is now explicit about data transfers and the user’s informational rights regarding such transfers
  • rewritten: retention time now outlines the rationale behind any retention periods of user data
  • added: we’ve added a dedicated user rights section to accommodate rights required by the GDPR
  • added: a section that outlines when the broader of the differing standards apply to users
  • rewritten small parts: the changes to this privacy policy section has been updated to account for GDPR rules
  • rewritten small parts: the definitions section was updated to account for GDPR wording
  • rewritten: the legal information section was updated to precisely describe the basis of the privacy policy wording
  • rewritten small parts: the cookie policy text has been rewritten to use the same terminology as the privacy policy and therefore play well with the rest of the system

Want to learn more about providing a GDPR privacy policy? Please have a look at our guidance to choose the right services.

Still have questions?

Visit our support forum Email us