What is a GDPR Privacy Policy?
A Privacy Policy is a legal document that explains how you will manage the personal information you collect from website visitors and customers.
A GDPR Privacy Policy includes additional information in order to comply with the European Union General Data Protection Regulation (GDPR).
If your business has a presence in the EU, provides goods and services to EU customers or tracks users and behaviours in the EU, you need to have a GDPR Privacy Policy on your website. GDPR compliance is not optional!
Who can use this template?
- Businesses with operations in the EU
- Businesses that provide goods and services to EU customers
- Businesses with a website that targets EU customers (e.g. allows payment in euros or has a European language version other than English)
- Businesses with a website that collects and monitors data on users or behaviours from countries within the EU.
What is GDPR?
The General Data Protection Regulation (GDPR) is a piece of EU legislation that aims to give the residents of the EU more control over their personal data. Under this regulation, organisations that handle data of EU residents must comply with data and privacy rules.
Non-compliance can result in hefty fines of up to €20 million or four percent of annual revenues, whichever is higher.
Do I need a GDPR Privacy Policy for my Australian website?
Yes, Australian businesses of any size must have a GDPR Privacy Policy if:
- Your business has a presence in the EU
- You provide goods and services to EU customers
- You collect and monitor data on users or behaviours from countries within the EU.
It’s important to stay on the right side of EU privacy rules and avoid steep penalties for non-compliance.
A Privacy Policy also shows visitors that your website is trustworthy and it can improve your site’s Google search ranking.
Am I legally required to have one?
Yes, if you meet any of the three conditions listed above, you must have a GDPR Privacy Policy. Not only EU businesses have to comply.
More info: Australian entities and the EU General Data Protection Regulation (GDPR)
Does your GDPR Privacy Policy template include all of the information that is essential for a GDPR Privacy Policy?
Yes, it does.
There are certain terms and clauses which must be included to make a Privacy Policy compliant with the GDPR. Don’t worry, we have made sure our template includes all the necessary information and have written the policy according to best practice.
What’s the difference between a normal Privacy Policy and a GDPR Privacy Policy?
A GDPR Privacy Policy contains additional information that is legally required under the GDPR in the European Union.
This information includes:
- Who your Data Controller is and contact information
- Where personal data is not collected from the individual, the source and nature of that data
- Who your Data Protection Officer is and contact information
- Whether you use data to make automated decisions
- Informing users of the 8 rights they have under the GDPR
- Whether you transfer data internationally
- Legal basis for processing data
I run an online shop – is this the only legal document I need?
No, you also need Website Terms and Conditions of Sale. You are legally required to display terms and conditions on your website under Australian Consumer Law if you’re selling online. This includes extra terms for payment, delivery, refunds, warranty and consumer guarantees.
Our eCommerce Legal Bundle is an affordable way to grab all the other documents you will need for your online shop in one go.
Other names for a GDPR Privacy Policy
- GDPR Privacy Notice
- GDPR Privacy Statement