You’ve no doubt heard about the GDPR (General Data Protection Regulation), which focuses on protection of personal data and digital privacy in general. Although the GDPR largely applies to businesses that either a) offers products/services, and/or b) collects personal information from, the new GDPR policy applies to anyone regardless of location.

Today we’re going to break down everything you need to know about what you need in your privacy policy and how to remain GDPR compliant in your business.


Simplifying Your Privacy Policy

One of the goals of the GDPR is to simplify the language used in privacy policies so that the average user can understand exactly what is happening with their data that they’re providing, without needing someone else (like a lawyer) to decipher your intent and processes with their data.

Data collection and processing procedures need to be communicated in a way that is concise, transparent, intelligible, and in clear and plain language. This has been done to avoid the dense legalese that has been commonly used prior to the GDPR.

Being Transparent In Your Privacy Policy

In addition to simplifying the communication of your processes, your privacy policy also needs to disclose more information than was required prior to the GDPR (while still being clear and concise about it).

Below is everything you need to communicate to your users through your privacy policy?

  • Personal information – the specific information you collect that relates to the user as an identified or identifiable person
  • How you collect the user’s information and why you’re collecting it
  • How you are securing and protecting the data you’re collecting
  • Information about third parties that have access to the information you’re collecting from your users
  • If you use/store cookies
  • How your user can control any part of the data collection, storage, or processing of their personal information

Other Information You Need in Your Privacy Policy to Be GDPR Compliant

In order for your privacy policy to be compliant with the GDPR, you need to provide information on the following (while also still being concise and clear for your user):

  • Who your data controller is
  • Contact information for the data controller
  • Whether you use data to make automated decisions
  • Inform users of the 8 rights they have under the GDPR (which sums up as the right to access their data, request changes, and make deletions and corrections)
  • Whether or not providing data is mandatory (and what happens if they don’t give personal data, such as not being able to create an account or receive emails)
  • Whether you transfer data internationally
  • What your legal basis for processing data is

There’s no need to feel overwhelmed about the GDPR, even if it seems daunting at first when creating your privacy policy and striving to stay GDPR compliant from start to finish. This page will help you get started with the foundation of your privacy policy and what you need to be and stay compliant with the GDPR.


If you have questions about the GDPR or want to ensure that your privacy policy is going to be compliant with the GDPR, you can reach out to us at C2CG and we’ll be happy to help.