Data Protection Policy
Personal Data Policy
A personal data policy created for a website functions as an internal framework and regulates how a website stores and manages the personal data of its visitors. Since the General Data Protection Regulation (GDPR) came into force in 2018, stricter requirements have been placed on how personal data may be handled.
What is it?
Personal Data
Personal data is any information that can directly or indirectly be linked to an identifiable natural person. Direct personal data can identify a person on its own, while indirect personal data may identify a person when combined with other information.
Examples of personal data under GDPR include names, personal identification numbers, addresses, phone numbers, photographs, and email addresses.
Direct personal data includes, for example, names and personal identification numbers, whereas IP addresses and place of residence are considered indirect personal data.
Personal Data Policy
All websites that process personal data must do so in accordance with GDPR. One of the basic requirements for processing personal data is obtaining consent from the individual concerned. Consent must be informative, and a website visitor must easily be able to find out how their personal data is processed, which is why a policy must be established.
A personal data policy should clarify which personal data the website collects and stores, how it is used, how visitors can control this, and how they can contact the owner of the website.
How does it work?
A personal data policy for a website must be established by all companies and public authorities that operate a website handling personal data.
A personal data policy forms an internal rulebook for how personal data will be processed. It must be clear, specific, and easily accessible. Once the policy has been created, it must be published on the website so that it is available to all visitors.
When creating a website, it is also advisable to establish a cookie policy—i.e. a policy outlining how small text files store information from the user to improve their experience—as well as terms of use, which set the boundaries for how the website’s users may and may not act.