GDPR: 5 Best Privacy Policy Examples

The General Data Protection Regulation (GDPR) went into effect in Europe in 2018. Since then, companies across the globe that process the personal data of EU citizens have been required to tighten up their data security and data privacy measures, and present their data practices to the user in the form of a privacy policy. Over time, businesses have gotten more adept at crafting and presenting privacy policies, and we’ve included five examples of the best ones. 

According to the GDPR, any business that handles personal data from EU citizens are required to make certain disclosures to those consumers in the form of a privacy policy. Users must give explicit and informed consent for you to process their information. If you do process data, you must follow GDPR’s data protection and accountability principles:

1. Data processing must be fair to the data subject
2. Data must only be processed for specific and legitimate purposes, outlined in your privacy policy
3. Don’t collect more data than you need
4. Make sure the data you collect is accurate
5. Don’t store personal data longer than needed for the specified purpose
6. Process data in a way that ensures security, integrity, and confidentiality
7. Be able to demonstrate compliance with these principles.

In order to meet these stipulations of the GDPR, Several businesses have built “hubs” for their privacy policies. This is a dedicated area where data subjects (visitors to your website, customers, etc.) can go to view:

• How their data is being used
• Where it’s being used
• How your data is being collected and what type
• Terms of the policy
• Where subjects can revoke consent.

Below are five examples of well-presented privacy policies companies should mirror as they create their own GDPR-compliant practices.

Disney’s privacy policy hub

In addition to the above, Disney also is clear about how the company and its advertisers track your web behavior for advertising purposes, as well as how they protect their largest audience, children. 

See Outbrain’s privacy hub here.

The Outbrain Legal Center includes its privacy policy, which details how the company uses and stores data related to the end users of its customer, their customers, and their business users and partners.

Below is a screenshot depicting this, showing the different types of personas:

• Site Visitors: Visitors to Outbrain.com that are anonymous to Outbrain;
• Users: The end user of Outbrain’s customer on websites like CNN.com, Sky.co.uk, and thousands of other publishing websites.

Business Partners: Users that register with Outbrain on behalf of the company they work for to use the Outbrain Amplify or Outbrain Engage Services.

Outbrain’s cookie policy details which cookies (web activity) is stored for how long for each of these user types.

Uber’s privacy policy website here.

Uber’s privacy policy is another great example of being easily acceptable and digestible. The very first thing on its privacy policy page is when the policy was last updated, where to download it, and a menu where data subjects can easily access how their data is collected and used.

See Google’s Privacy policy website here.

Google is of course another great example of providing a transparent privacy policy for its users. Complying with one of the GDPR’s most crucial policies—the ability for a data subject to revoke consent of data—Google clearly depicts how and where a user can remove data.

See Twitter’s privacy policy here.

Twitter’s privacy policy website is outlined like those of the other leaders on this list, providing how tweets, location, and personal information is used. They have also made it relatively easy to read and understand the significance of the policy.