Privacy Policy vs. Privacy Notice and Data breaches
Assign topic to the user
1. So the first one, should the company have both: privacy policy and privacy notice? Cause I see the differences between these two, but it is really hard to find a web were both of them are there... So I messed up...
2. next one, can I write about data breaches in my risk policy? Cause there are written all information about several breaches, so it seems to me legit to write this one as well...
Answer:
1. The Privacy Policy in the EU GDPR Documentation Toolkit is meant to be an overall Policy to describe what is a company doing to be compliant with the provisions of the EU GDPR. The Privacy Notice on the other hand is a document meant to explain to the data subjects what is a data controller doing with their data. So, as you can easily see the two documents are meant to serve different purposes. To learn more about privacy notices check out our webinar “Privacy Notices Under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/)
2. Yes, you can. Just make sure that you can distinguish between a personal data breach and a breach that does not involve personal data. To learn more about data breaches check out our webinar “A How-to Guide for GDPR Data Breach Notifications” (https://advisera.com/eugdpracademy/webinar/a-how-to-guide-for-gdpr-data-breach-notifications-free-webinar-on-demand/).
Comment as guest or Sign in
Jun 18, 2018