Simply Updating your Privacy Policy Won’t Make You Compliant

Simply Updating your Privacy Policy Won’t Make You Compliant

Each program has a logical sequence of steps. Before proceeding to the next, the previous step must be complete. One depends on the other.Imagine you are developing a new AI in your company. Then divide your project into three main phases:

1. Define WHAT the AI must be able to do.

2. Define HOW how the AI should do it (create the code).

3. Test the demo and make final adjustments. 

If the developer does not have all the information for their coding, they will not be able to execute it properly. Phase 2 depends on phase 1 to move forward.

A GDPR compliance program is no different. The program needs to start with a Data Mapping of the company. It is the only way to understand how the company operates, what type of data it collects, and for what purpose. Then a Gap Analysis is conducted to assess what the company is doing right and what is missing. After this first phase, we can move on to the remediation phase with all the necessary information.

In the remediation phase, we create and update policies and procedures. In this phase, we make employees aware of the changes through intensive training. So this is the right time to update a Privacy Policy. 

The policy must include all categories of data the company collects, along with the purpose and legal basis for the data processing. This information is a prerequisite for the successful completion of a Data Mapping. 

Pushing for an expedited Privacy Policy actually delays the completion of the entire project, and in the end, the policy will need to be updated again after the Data Mapping. Therefore, it is counterproductive.

Updating a Privacy Policy with inaccurate and incomplete information is just as bad as not updating it at all. It can be even worse because it makes it appear that you are trying to mislead your users instead of only being absent-minded to them. It shows that your company is not trustworthy.

Understandably, business partners and contract negotiations can sometimes cause you to rush the process, but the main focus should be on the bigger picture. Your partners want to see you comply, or at least do your best to do so. Be honest with them! Tell them you are working on it and provide documents to prove your progress. In the long run, this is much better than submitting a revised document full of empty words.

Need more insights on how to achieve full compliance? Check our latest blog updates, and don’t forget to contact us.  

Related Posts