SAY WHAT YOU DO…
… AND DO WHAT YOU SAY
KEEP IT SIMPLE
- The identity and contact details of your organization and data protection officer
- The purposes for processing personal data
- The legal grounds for processing
- Who can access data and who receives it
- Whether data is transferred to another country, and whether this is safe
- How long data is retained
- Information about the rights people have (for example their right of access, rectification and erasure of their data)
FIND THE RIGHT BALANCE
A best practice is to start with a short but complete high-level statement. For people interested in more detail, and to cover all the mandatory items of the GDPR, a second part is written and published.
Information about the processing of employees' personal data is mostly published separately on internal media (such as an intranet) and combined with an awareness program.
Feel free to contact us for help: the first consultation is free.
Your first question is free of charge.