Blog

How GDPR affects your terms and conditions, privacy and cookie policies

  |   GDPR

GDPR comes into effect across the EU on 25 May 2018. It’s a new, harmonized set of regulations to protect the data of individuals and give businesses a single set of rules to follow. One of the effects of GDPR is the way that terms and conditions, privacy policies, and cookie policies are created and presented to people.

 

Terms and Conditions

Until now, it’s been common to present people with lengthy terms and conditions online, full of complex legal jargon which few people ever read before ticking the consent box. GDPR sets up a couple of important tests for these terms and conditions. They have to be clear and concise to pass these tests. In practice, this means that the terms and conditions must be written in a way that can be understood by the reader – in plain, everyday language, not legalese. It also means that they have to be short enough to read and comprehend. They must be understandable, and useable. If the data being collected is going to be used in different ways, then the individual has to give consent to each of those, too. So business as usual with terms and conditions ends in May: your company will need to pass these tests.

 

Privacy Policies

Your privacy policies also need to be usable and understandable. That means simple language, presented clearly in a reader-friendly style. Importantly, consent must be asked for, explained and each consent has to be for a single type of data use. Where data is being taken, the policy should spell out where it is going, why, and who is being given access. There should also be a reference to where the reader can freely go to find out more about how their data will be used.

 

Cookie Policy

Whenever an individual can be identified through data, GDPR applies. It doesn’t even have to be their name or home address – information from cookies would also count. Cookies contain identifiers that could be used to work out someone’s identity, such as their IP address. While not every cookie contains this kind of information, most do. To meet with GDPR standards, cookies must give users a clear affirmative action to complete, to give consent. Passive consent – such as the old-style ‘by using this site you agree to our cookie policy’ – will not be accepted. As well as consent, you also have to give people a clear path to opting out in future.

 

When GDPR comes into force on May 25, make sure your terms and conditions, privacy and cookie policies are updated and fit for purpose. Find out more about how your data policies can meet GDPR.

 

CONTACT STARBERRY TODAY