Why does an organization need a privacy-compliant documentation

• The organization has to create adequate and legally compliant policies, documents, and forms to ensure compliance with data privacy laws.
• The basic requirements under GDPR are that the data subject has the right to be informed about the collection and use of their data. Therefore, any entity that collects personal data from individuals has the corresponding obligation to provide the individuals with information regarding the purposes for processing personal data, retention periods, and data sharing.
• The documentation related to privacy compliance is vast and complex and can range from privacy notices, privacy policies, cookies policies, data processor agreements among others.
• The privacy laws mandate that any information in a privacy notice be provided in a concise, transparent, intelligible, easily accessible manner using clear and plain language.
• It is equally important that privacy documentation is regularly reviewed and, where necessary, updated to reflect the changing regulatory landscape. Also, if an organization intends to use personal data for a new purpose, the privacy notice has to be suitably amended to communicate the changes to data subjects before engaging in the new processing activity.
• If an organization is collecting personal data of children, special care needs to be taken to ensure that the information provided is written appropriately with clear and plain language.
• The e-Privacy Directive (EPD) and GDPR mandate that an organization has to obtain users' consent before an entity uses cookies except for strictly necessary cookies. Additionally, an entity is compelled to provide accurate and specific information about the data each cookie tracks and its purpose in plain language.
• Preparation of privacy-related documentation requires significant attention to detail and analysis of complex legal laws to ensure legal requirements are completely incorporated in the documentation.

How can DATAOLOGIE assist you?

• Scope Assessment - We undertake an information audit and data mapping exercise to find out the personal data an organization holds, how the organization collects such data and what purposes the data is being utilized for.
• Drafting -  Based on scope assessment, we analyze the drafting needs of the organization. Our drafting is in a simple, yet solid and effective fashion using multiple techniques based on the unique requirements of the organization. The mechanisms among others we employ include:
  • layered approach (drafting short notices containing key privacy information that have additional layers of more detailed information),
  • Just-in-time notices – We draft relevant and focused privacy information delivered at the time the organization collects individual pieces of information
  • Icons – We create small yet meaningful symbols designating the existence of a particular type of data processing,
  • Mobile and smart device functionalities – We help create pop-ups, voice alerts, and mobile device gestures.
• Regulatory Updates - We conduct regular reviews to assess that the documentation remains accurate and up to date. This way we ensure that the organization always has the latest documents in tune with the latest laws. We draft the policies to be flexible enough to accommodate changes.
• Multiple and diverse documentation - Our drafting is diverse including without limitation privacy notices, company internal privacy policies, cookie banners, GDPR internal documentation guides, data processing agreement, Data Subject Access Rights Request forms, plans, and procedures related to the handling of security incidents and breaches, communication forms, acceptable use policies, among others.
• Improvisation - We also assess your existing documentation to ensure that the same is updated and improvised reflecting the current privacy trends and regulations.