It has been almost six months since the General Data Protection Regulation (GDPR) 2018 but many businesses still do not have GDPR compliant privacy policies on their websites.
We have seen a marked increase in the number of enquiries we receive from individuals concerned about their privacy rights since May. GDPR has been well publicised, and individuals are now acutely aware of their data protection rights and are getting more savvy at enforcing them. We have also seen an increase in the number of businesses receiving subject access requests under GDPR, whether it be from disgruntled employees, recipients of marketing emails or disgruntled customers. Many businesses have found these requests difficult to respond to, particularly if they have not updated their privacy policies.
2. Your policy does not state who the data controller is
3. Your policy does not mention the legal bases you are relying on to process personal data
4. Your policy does not inform individuals of the various rights they have under GDPR
5. Your policy does not cover international data transfers
6. Your policy states that you do not share personal data with third parties (this is unlikely to be true when you use external hosting or software providers)