Do I Need an Updated GDPR Privacy Policy?


The aim of the GDPR privacy policy is to uphold the user’s right to protect their personal information.

Even if your company is not located within Europe, your users may reside within the EU, which is why you will have to create a clear and specific privacy policy in compliance with the GDPR.

The purpose is to establish one privacy policy for the whole region, replacing the multiple different laws intended to protect users’ right to privacy.

Failure to abide by the new privacy law will cost your organization penalties of up to $20 million or 4% of global annual turnover, whichever is higher. In the year 2019, you should already be following the GDPR privacy policy.


Create an Easily Understandable Document

The privacy statement should be written in unambiguous language that is easy for a general audience to comprehend.


Specific Privacy Policies

The only difference in the new privacy policy is that it is clearer and more specific. Fortunately, you are not required to write another document! Instead, adding one or two sentences to some of the clauses will make it more specific and GDPR compliant.


How to Update the Privacy Policy

To update the privacy policy and make it GDPR compliant, add, rewrite, or remove ambiguity from the existing privacy policy.

Fields that need to be added or modified are:

  • What information you collect about the user
  • Reasons for collecting users’ personal information
  • How you collect this information
  • What safety measures you take to protect this information
  • How long you keep this information
  • Whether the information collected is shared or sold, and to whom
  • Whether third parties have access to the information you have collected
  • Do you use cookies?
  • How can your users access and control this information?
  • If you collect sensitive personal information such as race, sexual orientation, political and religious beliefs, you should mention them along with the reason for collecting this information.


Third Party Disclosure

The new privacy laws require a clear and detailed disclosure on how you handle the information collected, including if you share it with a third party. You should also specify the identity of these third parties in the privacy policy document.


Consider Hiring a Data Protection Officer

You may need to appoint a data protection officer if your organization:

  • Is a public authority
  • Handles and processes sensitive personal information on a large scale
  • Is involved in large-scale systematic monitoring of data

In addition to appointing a qualified internal data protection officer, you should clearly mention their name in your company’s GDPR policy, along with their contact information.

This encourages your users to contact the DPO if they suspect a data breach or have concerns or questions regarding the data policy.


Subject Access Request (or SAR)

Under the GDPR, a user can request free access to their personal data by submitting a user access request. In response, you will have to provide:

  • Personal information collected and processed.
  • Who has access to this information?
  • If and how this information is being used for automated decision making.


About Tanya

Tanya Amaya is well-known for her strategic imagination in aligning business goals with creative strategy and expression and has successfully led brand design, search engine optimization and marketing engagements for a variety of clients.

Her experience runs across a variety of industries—including international development, career development, litigation, technology, healthcare, retail, consumer products and professional services provided globally.

She teaches social media, search engine optimization and lead generation workshops through SCORE and events.

Committed to elegant solutions based on analytics and powerfully simple communications, her areas of expertise include sustainable design solutions, logo design, integrated brand identity systems, brand design and strategy, print design, web design, digital media strategy, site architecture, and site marketing.


About Analytic Design 

Founded by Tanya Amaya, a Washington, DC creative strategy veteran, Analytic Design is a privately held, full-service strategic design firm. We operate under an optimized consultant model that has proven for years over many client engagements to be scalable, flexible, and cost-effective.

We have three pillars of expertise and services: Strategic Branding based on marketing goals, Website/Application Design and Development, and Technical/IT support.

We have been helping clients create more authentic, compelling, differentiating, and relevant brand strategies, brand identities, content strategies and assets, websites, and marketing campaigns since we were founded and, for many of us, well before that.

We’ve enabled clients ranging from multi-million-dollar global enterprises to entrepreneurial small businesses to more effectively express their services and benefits, expand market perceptions, optimize competitiveness, continually improve marketing metrics, and increase market share.

Our consistent successes for clients tie directly to the quality and experience of our team, our approach to serving clients, as well as our creative, technical, and management capabilities.

Analytic Design is a Certified Small, Women-Owned Business.      
