How GDPR affects your terms and conditions, privacy and cookie policies
GDPR comes into effect across the EU on 25 May 2018. It’s a new, harmonized set of regulations to protect the data of individuals and give businesses a single set of rules to follow. One of the effects of GDPR is the way that terms and conditions, privacy policies, and cookie policies are created and presented to people.
Terms and Conditions
Until now, it’s been common to present people with lengthy terms and conditions online, full of complex legal jargon which few people ever read before ticking the consent box. GDPR sets up a couple of important tests for these terms and conditions. They have to be clear and concise to pass these tests. In practice, this means that the terms and conditions must be written in a way that can be understood by the reader – in plain, everyday language, not legalese. It also means that they have to be short enough to read and comprehend. They must be understandable, and useable. If the data being collected is going to be used in different ways, then the individual has to give consent to each of those, too. So business as usual with terms and conditions ends in May: your company will need to pass these tests.
Your privacy policies also need to be usable and understandable. That means simple language, presented clearly in a reader-friendly style. Importantly, consent must be asked for, explained and each consent has to be for a single type of data use. Where data is being taken, the policy should spell out where it is going, why, and who is being given access. There should also be a reference to where the reader can freely go to find out more about how their data will be used.
When GDPR comes into force on May 25, make sure your terms and conditions, privacy and cookie policies are updated and fit for purpose. Find out more about how your data policies can meet GDPR.