GDPR policy documents

When you have policy documents for the personal data that your company process you need to make the policies available for the persons who's data is included in the policy.

An example could be a policy for sales, websites or recruiting. These stakeholders will usually be external and will have access to your website. Hence it would make sense to publish such policies on your website. If you do not have a website you can send your privacy policy to sales counterparts as part of the order or similar that you send your privacy policies to your customer, no later than immediately after your first contact with them.

Another example could be HR where this usually involves internal stakeholders (employees). These policies could be published on an intranet, sent to the employees email or similar.

Overall you should ensure that the person types or group that you are collecting data about should have access to the privacy policy relevant for them as soon as possible. The best case would be if you could do so before you collected the data. 

Did this answer your question?