Simply, your website sets out:
what you do with the data
the purpose behind why you collect it
how you look after it
who you share it with
the legal basis for storing it (One of 6 including consent, legitimate interest or performance of contract)
how your customers can exercise their rights under GDPR
But have you considered:
Will children access your site?
Are you collecting any Special Category Data for example health data
Do you make use of CCTV ?
If you're based in Ireland you need to consider the Data Protection Act 1988 and the ePriivacy Directive
Which cookies your web develop has included in your site?
Back up what you promise with documentation
Your website sets out what you're doing but are you doing it in practice? How you can prove it?
A data protection policy is a good place to start. This is where you set out your practices like how you manage passwords, emails, device security, levels of access and more.
Record how long you store information for and how you dispose of it. Create some procedures for handling Data Subject Access requests and Security Breaches.
Overwhelmed? This is our business, we can make this simple and you can get on with the business of running your business
Data Influence will have a stand at the Galway Local Enterprise Office Website Wiki Day on Wednesday 5th February at the Salthill Hotel. We will be on hand to answer any questions you might have on Websites and Privacy Policies.
If you see us there, please come over and say hi - we'd love to meet you.