Data Protection for clients
We're a small company that want to ensure we are gdpr compliant. Are we required to have a data protection policy within our contracts, or is a privacy policy on our website enough?
Assign topic to the user
The data protection policy is an internal document that shows how the company deals with personal data and it is not published in contracts, so maybe you are referring to clauses on data protection in your contracts (yes, you should have) or to a data protection agreement as an annex to contracts signed with clients or suppliers (it is required if the contract involve the transfer of data between the two subject). The privacy policy on the website, usually, describes how personal data collected through the website are processed, it may involve also data processing made by the company with personal data of clients (i.e., there is an online shop).Of course, if your privacy policy on the website describes how your company processes data of clients, employees, and suppliers, you can state in your contract that data are processed according to the privacy policy available on the website (remember to insert the link).
Here you can find more information about the privacy notice.
- Everything you need to know about the GDPR Privacy Notice: https://advisera.com/articles/gdpr-privacy-notice-6-key-elements-to-include/
- List of mandatory documents required by EU GDPR: https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
If you need to understand how to process personal data under GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Feb 18, 2021