- Increased transparency into the data/information captured by the organization. This may also include making it easier for users to understand what information the business collects and why it collects that information.
- Privacy rights of the users and how they can exercise them.
- How the business collects, uses, shares and protects users’ personal data.
- How long information is retained, and how data transfers to third parties are handled.
- The legal basis that the business relies upon to process users’ personal data.
- If your clients include children, then raise the age restriction to use your services from 13 to 16 years.
b) Ensure you have a process in place that allows all users of your services, upon providing a form of identification, to do the following:
- Request access to their data/information stored with the organization
- Delete all personal data/information that is stored with the organization
Some businesses refer to this as a “Privacy Centre”, a form of the more commonly used “Preference Centre”.
c) Assign a Data Protection Officer and provide their contact information so users may contact them with any questions or concerns related to data protection.
Note: The above information is meant as a starting point to help you identify and implement GDPR compliance. This is not intended as legal advice. Please contact a lawyer to see if there are legal risks to your business.