In addition to the stricter requirements around Privacy Policies, the GDPR also contains a new definition of consent. This means users are able to make more informed choices about whether to give you permission to process their personal data.
However, it also requires a little extra work on your part.
You don't need consent for all aspects of personal data processing. There are five other legal bases which might be more appropriate in certain contexts.
However, for some activities, it's usually best to seek consent. Examples include:
Sending direct marketing emails to new customers
Using targeted advertising cookies
Storing sensitive personal data
Your users must have a genuine, free choice to either consent or not consent. If you're seeking their consent for something, you must offer both options. It should be just as easy to refuse consent as it is to grant it.
Your users must positively affirm that they consent to you processing their personal data. It's no longer acceptable to assume consent from a person's silence. In other words, consent must be opt-in, not opt-out.
Don't present your users with pre-ticked boxes, or use statements like "by continuing to use our website, you consent to..."
There are many benefits to having an up-to-date, GDPR Data protection policy template.
You have a chance to review your data protection practices, so you're less likely to suffer a data breach or be subject to a complaint.
If either of these things do happen, you can show data protection authorities that you've done the right thing.
Your customers will feel that their personal data is safe and their rights are respected.
Most importantly, if you want to operate in the EU it's legally required.
Your Privacy Policy needs to include information about:
How your users can contact you
Your purposes and legal basis for processing their personal data
Any intended third-party recipients of their personal data
Any intended transfers outside the EU
How long you intend to store their personal data
How users can exercise their rights under the GDPR
Chapter 3 of the Create GDPR policy sets out the eight rights that people have over their data. The GDPR requires that you not only facilitate your users' access to these rights, but that you also make them aware of their rights in your Privacy Policy.
We collect information about the apps, browsers, and devices you use to access Google services, which helps us provide features like automatic product updates and dimming your screen if your battery runs low.
The information we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.
We collect this information when a Google service on your device contacts our servers — for example, when you install an app from the Play Store or when a service checks for automatic updates. If you’re using an Android device with Google apps, your device periodically contacts Google servers to provide information about your device and connection to our services. This information includes things like your device type, carrier name, crash reports, and which apps you've installed.
We collect information about your activity in our services, which we use to do things like recommend a YouTube video you might like. The activity information we collect may include:
Terms you search for
Videos you watch
Views and interactions with content and ads
Voice and audio information when you use audio features
Purchase activity
People with whom you communicate or share content
Activity on third-party sites and apps that use our services
Chrome browsing history you’ve synced with your Google Account
If you use our services to make and receive calls or send and receive messages, we may collect call and message log information like your phone number, calling-party number, receiving-party number, forwarding numbers, sender and recipient email address, time and date of calls and messages, duration of calls, routing information, and types and volumes of calls and messages.
You can visit your Google Account to find and manage activity information that’s saved in your account.
Please note that legal information, including legal templates and legal policies, is not legal advice.