
How Many Website Privacy Policies to Maintain in Preparation for GDPR?
Under the GDPR, data controllers are tasked with communicating to data subjects how their data is processed in a way that is both concise and transparent. From a consumer-protection perspective, this is undoubtedly one of the regulation’s more commendable requirements; as many who have drafted website privacy policies understand, there is often tension between the twin goals of concision and transparency. Providing fully transparent disclosure about data-processing activities, while keeping such disclosures brief and easily readable, can be a tricky balance to strike.
One question the GDPR may prompt is whether it makes sense for an organization to maintain separate residency-dependent privacy policies, or a single, all-encompassing policy. There are pros and cons to each, and what works best for a particular organization will often depend on the operational impact of each, as well as the usability of each by the relevant data subjects.
The Multiple Privacy Policies Approach
Organizations that treat data-subject information differently depending on its origination point, or that opt not to extend the enhanced protections offered under the GDPR to non-European data subjects, may prefer to maintain separate residency-dependent privacy policies.
In this instance, the benefit is that each policy can be tailored, … Keep reading