A Privacy Policy is a legally binding notice of how a company deals with a contact's (customer, prospect, employee) personal information. Under the Data Protection Act, the rules on these were quite unspecific however under the General Data Protection Regulation (GDPR), the rules are much more stringent. The GDPR demands that Privacy Policies are 3 things:
Under the GDPR, a company's Privacy Policy should contain all information about the collecting, sharing and storage of the contact’s personal information. You can visit the ICO for a full list of what should be on your Privacy Policy, but the key points are:
We have partnered up with Data IQ to survey organisations on their preparations for GDPR.