Difference Between a GDPR Privacy Policy and Privacy Notice?

Fundamental difference

Fundamentally, a privacy policy is internally focused: it can dictate how personal information should be handled by an organisation. A privacy notice, by contrast, is externally facing, informing customers, regulators and all other relevant stakeholders how the organisation handles personal data.

GDPR privacy notice explained

A privacy notice explains how personal data is managed. The GDPR guidelines specify that organisations need to provide external stakeholders with a privacy notice that has the following qualities:

  • In a concise, transparent, intelligible, and easily accessible form
  • Written in clear and plain language, particularly for any information addressed specifically to a child
  • Delivered in a timely manner
  • Provided free of charge

Where a company is collecting information from individuals directly, the GDPR details specific information which needs to be included in the company’s privacy notice. Some of the requirements of a GDPR privacy notice are outlined below.

  • The identity of a company’s Data Protection Officer
  • The purpose and legal basis for an organisation processing an individual’s personal data
  • Any recipients of an individual’s data
  • The retention period of any data
  • The right to withdraw consent where relevant
  • The right to complain to a supervising authority
  • Details of any data transferred to a third country and the relevant safeguards taken
  • Whether the provision of personal data is part of a statutory or contractual obligation
  • The existence and details of an automated decision-making system

GDPR privacy policy explained

Preexisting privacy policies are often the basis for the creation of privacy notices. They are consequently the first step in an organisation establishing what is permissible regarding data privacy. Privacy policies are typically legal documents which internally disclose some or all of the ways an entity gathers, uses and manages private data. This data can be personal in nature and related to customers or other stakeholders. Therefore, any company with a presence in the EU, or an organisation which monitors user information or behaviour, should create a GDPR privacy policy.

A major component of the GDPR is being transparent and providing accessible information to individuals about the collection and use of their personal data. Consequently, a privacy policy is a key way in which companies fulfil this obligation. Many businesses make their privacy policy public, which aids in transparency and compliance with certain regulations.

Conclusion

Therefore, a privacy policy and a privacy notice are distinct. Where relevant, it’s important to remain compliant with the GDPR. Consequently, if you are unsure about your obligations regarding data privacy, you should consult a business lawyer.
