Privacy policy

A privacy policy or privacy statement is a statement in which the person who processes personal data of, for example, customers, employees or visitors, informs them about the way in which these data are processed. This obligation to draw up a privacy policy is laid down in the General Data Protection Regulation (GDPR). A privacy policy provides a clear overview of the data that is collected, meets the requirements of the Personal Data Protection Authority (AP) and prevents fines.

What does a privacy policy contain?

The most important data to be included in a privacy statement are the identity of the data processor (the organisation processing the data), the purpose of processing the personal data, the basis for the data processing, the rights of the data subjects under the GDPR, the security measures to be applied to the data, retention periods, recipients of the personal data, whether or not profiling is used and whether the data is processed outside the European Union (EU). It is important that the privacy policy is easy to find and clear to customers, employees or e.g. visitors to your website.

An internal privacy policy

An internal privacy policy is, just like the privacy policy discussed above, a policy by which you, as a data processor, show that you have thought about your data processing. However, where a privacy policy is used for external purposes, an internal privacy policy is used for internal purposes, aimed at employees. An internal privacy policy shows what measures your organisation takes to ensure the protection of the personal data that is processed.

Not every organization is obliged to draw up such a policy. Your organisation is obliged to draw up an internal privacy policy if, according to the GDPR, this is 'in proportion to the processing activities' of your company. It must therefore be assessed whether the nature, scope, context and purpose of the data processing by your organisation require an internal privacy policy. However, even if your organisation is not required to implement a data protection policy, it may still be wise to do so. By doing so, you show that your organization protects the personal data you process well and that you take this protection seriously.

Assistance in drawing up an (internal) privacy policy

Are you looking for legal advice on drafting a privacy statement, do you want to know whether you meet the requirements for a privacy statement laid down in the GDPR, or do you want to know whether your organisation is required to draw up an internal privacy policy, we at Legal Q are happy to help you!



Specialist privacy policy

The legal experts at Blatter Legal are happy to help you draw up a good privacy policy for your organization.
Innovation / Growth / Commitment

Get in contact

You can contact us by filling in our contact form. We will respond as soon as possible. Of course you can also email or call us directly.

040 - 248 1881