GDPR Data Privacy Policy Template

But why should your company create a GDPR privacy policy? There are many reasons. Under the GDPR, you must take “appropriate technical and organizational measures” to secure personal data. What is appropriate depends on the processing risk. You must be able to demonstrate that you have taken appropriate measures, and you must be able to make your considerations in this regard readily comprehensible.


Another important point concerns your employees. With a data privacy policy, you minimize the risk of employees misunderstanding the GDPR requirements.

It is partly for that reason that it is important to check whether your data privacy policy is still compliant and to update it where necessary.

What is the difference between a data privacy policy and a privacy notice?

The two documents have different purposes.

Privacy Policy: An internal statement that governs an organization or entity’s handling practices of personal information. It is directed at the users of the personal information. A privacy policy instructs employees on the collection and the use of the data, as well as any specific rights the data subjects may have.

Privacy Notice: A statement made to a data subject that describes how the organization collects, uses, retains and discloses personal information. A privacy notice is sometimes referred to as a privacy statement, a fair processing statement or sometimes a privacy policy.

The data privacy policy therefore has an internal focus, telling employees what they have to do with personal information. The privacy notice, by contrast, has an external purpose, telling the customers (but also regulators, stakeholders, etc.) what the company does with personal information.