You should know by now that there are no free services or products. You either pay your money, or you pay with your data.
The GDPR requires that when using personal data, you must tell people what you are using their data for, how you use their data, and what their rights are in relation to their personal data.
What Is Personal Data?
Personal data is any information that can identify an individual (natural person). It can be a name, surname, telephone number, email address, location, age, IP address, person’s business email address and more.
However, business data that does not relate to any specific individual is not personal data (such as email address firstname.lastname@example.org).
Typical cases when personal data is used are:
- contact form
- email newsletter
- payment processing
- delivery of products or services
- website or app analytics
- online questionnaires
- live chat or chatbot
- user profiles
- Your business complies with the law (GDPR).
- You avoid unexpected fines. If you don't comply with the GDPR, you may face a fine of up to €20 million or 4% of the total worldwide annual turnover (whichever is higher).
Lately, small businesses and individuals also receive fines for not having privacy policies or having insufficient information in their policies.
- You build trust with your customers. Your customers know why you need their personal data and how you will use it.
- information about your company/organization and your contact details
- to which particular website, app, or activities does the policy apply
- what personal data do you use
- why and how do you use the personal data
- legal basis for using the personal data
- how long do you store the personal data
- to whom you disclose your users' personal data and if you transfer the personal data outside the EEA (European Economic Area)
- the users’ rights, including the right to submit a complaint to a supervisory authority (in Latvia – the Data protection inspectorate)
- Hire a law firm: the best option, but it usually costs the most and takes some time.
- Write the policy yourself: Unless you are a lawyer, understand the GDPR and want to spend your time writing legal documents, you should avoid doing this.
Other Ligalio blog posts you may be interested in:
Is Google Analytics Illegal in the EU?
Article 6 GDPR and How to Apply It