- creates contractual rights and obligations, and is essentially your promise to the world about how you will treat personal information;
- is also a trust- and brand-building exercise, in that it reassures people and makes you more likely to succeed in collecting their personal information;
- is the mechanism through which you comply with many parts of the law, by allowing you to specify your purpose, be open about your processing, and allow a data subject to participate.
Questions you should be asking
- Are you wondering whether yours is in line with the latest laws and regulations?
- Does it comply with the GDPR and the Protection of Personal Information Act (POPI Act)?
- Are you worried that you are missing things in it?
- Is it broad enough to cover all your data subjects?
- Does it comply with the latest law?
- The structure of the policy.
- The language of the policy. Is it in plain language?
- Is it likely to make your customers or employees (whichever situation it applies to) trust you as an organisation?