- Data processing must be fair to the data subject
- Don’t collect more data than you need
- Make sure the data you collect is accurate
- Don’t store personal data longer than needed for the specified purpose
- Process data in a way that ensures security, integrity, and confidentiality
- Be able to demonstrate compliance with these principles.
In order to meet these stipulations of the GDPR, Several businesses have built “hubs” for their privacy policies. This is a dedicated area where data subjects (visitors to your website, customers, etc.) can go to view:
- How their data is being used
- Where it’s being used
- How your data is being collected and what type
- Terms of the policy
- Where subjects can revoke consent.
Below are five examples of well-presented privacy policies companies should mirror as they create their own GDPR-compliant practices.
In addition to the above, Disney also is clear about how the company and its advertisers track your web behavior for advertising purposes, as well as how they protect their largest audience, children.
Below is a screenshot depicting this, showing the different types of personas:
- Site Visitors: Visitors to Outbrain.com that are anonymous to Outbrain;
- Users: The end user of Outbrain’s customer on websites like CNN.com, Sky.co.uk, and thousands of other publishing websites.
Business Partners: Users that register with Outbrain on behalf of the company they work for to use the Outbrain Amplify or Outbrain Engage Services.