Which GDPR policies do businesses need to have in place?

Any business that collects, stores and uses personal data must have certain policies in place to ensure it is GDPR compliant.??

There are basic policies every business needs to ensure compliance and peace of mind. They should be in plain English, with no jargon, and not directly copied from another website – they should be relevant and bespoke to your business, your operations and services you provide.??

A privacy notice?

This should state what data you’ll collect, why and how you’ll use it, who you’ll share it with, and include your contact details.??

Cookie policy?

This tells your website users what cookies (pieces of information that allow a site to remember information about users’ visits) run on your site, the data they track and why, and where it is sent.?

Website terms of use?

This document protects the intellectual property on your site, your images and text – what happens if someone copies and uses it without your permission or embeds your site somewhere that conflicts with your values.??

Data protection policy?

An operational guide which clearly sets out how your business manages personal information including details on what you’re using it for, record keeping, and your retention policy.??

Incident management plan

This details how your business would deal with a customer complaint, a Data Subject Access Request (DSAR) which is when an individual requests to see all information your business holds on them, and a data breach, whether serious or not.??

Get in touch for a free discovery call to ask questions and see if your business is as compliant as it should be.?