GDPR for Non-governmental organization

2. We have mapped all data our organisation processes. They fall into several categories (members, stakeholders, prospects, etc.) and the legal basis used to process data can be different in accordance (legitimate interest, contractual necessity, etc.). The description of the legitimate interest can also differ within the same group, according to the type of stakeholder approached. My question is the following: can we send out specific - and therefore different - privacy notices to data subjects according to their characteristics (legal basis used, reasons for processing), or do we need to have only one publicly available privacy notice that would consider every situation where we process data?

Answers:

1. The EU GDPR is applicable to your processing activity as long as the processing acti vity takes place in the Union regardless if the data subjects are in the Union or not.
2. Regarding your privacy notices, you can bundle them for similar processing activities even if for example the legal basis would be different.

To learn more about privacy notices check out our webinar “ Privacy Notices Under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/)