Privacy Policies must be reviewed and amended in line with the new regulations to be compliant with GDPR requirements.
Privacy Policies should clearly state:
- Who the organisation is and what the purpose of personal information collection is.
- The legal basis for processing this data and how consent is obtained.
- The Data Retention Policy in place.
- Individual's rights to access, withdraw consent or request erasure of their personal information.
- Parties that the individual's personal information will be shared with.
- RMS stores data outside the EU or EEA for the purpose of processing, backup and disaster recovery.
Under GDPR, individuals must be given the opportunity to 'Opt in' to their personal information being obtained, retained, updated and stored.
This consent is defined as:
any freely given, specific, informed and unambiguous indication of the Data Subject's (individual's) wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.