Privacy Policy for internal Employees and Privacy notice on Website
I am confused between the content of the Privacy Policy for internal Employees and the content of the Privacy notice on Website.
These are two different documents with different purposes, data retention periods and data collected.
Privacy notice on the website allows web users to know how you will process their data (navigation data, data coming from cookies, account data, etc.), for which purposes and how long you will process it. You may want to ask the consent of website users for marketing purposes and transfer their data to the third party processor (i.e. social networks). Maybe you will process users' data for two years. Privacy notice aims to inform data subjects what data will be collected, for which purposes and how long the data controller will process it. It must be specific and inspired by the data minimization principle (ask only necessary data).
You should also have a privacy notice, attached to the job contract, to inform employees about how you will process their data, because the purposes of processing, the legal ground and the data retention period will be different from data collected from website users.
Privacy policy for employees is another document that aims to teach employees how to handle personal data collected. You must set some internal rules on data processing. Some basic rules are to not leave personal data accessible, to not share personal data with unauthorized persons, to inform the security officer or DPO (if there is one) if they suspect a data breach, how to handle data subjects' requests, and so on.
You may find some useful information in the following articles:
Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
Four main questions for obtaining and managing data subjects’ consent under GDPR: https://advisera.com/eugdpracademy/knowledgebase/four-main-questions-for-obtaining-and-managing-data-subjects-consent-under-gdpr/
Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
How the GDPR could impact your HR department: https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department/
Contents of the Data Protection Policy according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/contents-of-the-data-protection-policy-according-to-gdpr/
Apr 15, 2020