Drafting compliant documentation Privacy
Why does an organization need privacy-compliant documentation?
- The organization has to create adequate and legally compliant policies, documents, and forms to ensure compliance with data privacy laws.
- The basic requirements under GDPR are that the data subject has the right to be informed about the collection and use of their data. Therefore, any entity that collects personal data from individuals has the corresponding obligation to provide the individuals with information regarding the purposes for processing personal data, retention periods, and data sharing.
- The documentation related to privacy compliance is vast and complex, and can range from privacy notices, privacy policies, and cookie policies to data processor agreements, among others.
- The privacy laws mandate that any information in a privacy notice be provided in a concise, transparent, intelligible, easily accessible manner using clear and plain language.
- It is equally important that privacy documentation is regularly reviewed and, where necessary, updated to reflect the changing regulatory landscape. Also, if an organization intends to use personal data for a new purpose, the privacy notice has to be suitably amended to communicate the changes to data subjects before engaging in the new processing activity.
- If an organization is collecting personal data of children, special care needs to be taken to ensure that the information provided is written appropriately with clear and plain language.
- Preparation of privacy-related documentation requires significant attention to detail and analysis of complex laws to ensure legal requirements are completely incorporated in the documentation.
How can DATAOLOGIE assist you?
- Scope Assessment - We undertake an information audit and data mapping exercise to find out the personal data an organization holds, how the organization collects such data and what purposes the data is being utilized for.
- Drafting - Based on the scope assessment, we analyze the drafting needs of the organization. We draft in a simple yet solid and effective fashion, using multiple techniques based on the unique requirements of the organization. The mechanisms we employ include, among others:
  - Layered approach – We draft short notices containing key privacy information, with additional layers of more detailed information.
  - Just-in-time notices – We draft relevant and focused privacy information delivered at the time the organization collects individual pieces of information.
  - Icons – We create small yet meaningful symbols designating the existence of a particular type of data processing.
  - Mobile and smart device functionalities – We help create pop-ups, voice alerts, and mobile device gestures.
- Regulatory Updates - We conduct regular reviews to assess that the documentation remains accurate and up to date. This way we ensure that the organization always has the latest documents in tune with the latest laws. We draft the policies to be flexible enough to accommodate changes.
- Multiple and diverse documentation - Our drafting is diverse, including without limitation privacy notices, company internal privacy policies, cookie banners, GDPR internal documentation guides, data processing agreements, Data Subject Access Rights Request forms, plans and procedures related to the handling of security incidents and breaches, communication forms, and acceptable use policies, among others.
- Improvement - We also assess your existing documentation to ensure that it is updated and improved to reflect current privacy trends and regulations.
- We draft any compliant documentation keeping the organization's interests in perspective while also focusing on the intended audience.
- Our documentation is drafted by experienced SMEs who always strive to keep the documentation simple, visible, and transparent, reflecting the core values of the organization but strongly incorporating the legal principles in totality. We always use a methodical, logical, and structured approach for drafting and review.
- We use the latest technologies to deliver value-added drafting documentation.
- We conduct user testing to evaluate the effectiveness of the privacy documentation.
- Our documentation is clear, specific, powerful, and compelling covering all facets of privacy and security thereby creating a sustained and accountable environment within the organization.
- Our professionals are well-versed in international laws such as UK DPA GDPR (DPA 2018), Privacy and Electronic Communications Regulations (PECR), Personal Information Protection and Electronic Documents Act (PIPEDA), California Consumer Privacy Act (CCPA), South Africa's Protection of Personal Information Act, Australia Privacy Act, among others, and fully understand the legal systems in the US, UK, EU, ME and the Asia Pacific.
Which companies use Dataologie Services?
- The companies that use DATAOLOGIE services always aim to provide the latest guidance and information for individual employees and other stakeholders, to build a culture where documentation is used and consulted to drive any decisions and actions.