In this blogpost we ask if you change the content of your Privacy Policy, must you then make a new version of the Privacy Policy? … and keep prior Privacy Policy versions on record?

Transparency

If you are a data controller, then the GDPR says that you are responsible for and must be able to demonstrate (GDPR Article 5.2) that you process personal data in a transparent manner in relation to data subjects (GDPR Article 5.1(a)).

Privacy Policy

You are transparent by providing data subjects with a Privacy Policy that meets the content requirements listed in GDPR Article 13 (when personal data are collected from the data subject) and GDPR 14 (when personal data are obtained from another source) and that meets the requirements to timing, language, form and structure (topic for a forthcoming blog post).

Privacy Policy life cycle must reflect the processing life cycle

The content requirements listed in GDPR Article 13 and 14 refer to your real world personal data processing cycle which by nature is dynamic.

Changing your real world personal data processing (which may happen quite frequently) may require you to change your Privacy Policy accordingly (topic for a forthcoming blog post) and communicate that change to data subjects (topic for a forthcoming blog post).

Changing the content of your Privacy Policy (which may be required frequently) may cause difficulties for you and for data subjects to remember or understand in which time periods 1) you carried out your real world personal data processing, and 2) your Privacy Policy with a specific content applied.

Demonstrating changes to your Privacy Policy

How will you be able to demonstrate that you provide data subjects with a Privacy Policy that shows which content that applied at a certain point in time?

Signatu solution

Signatu solves this problem by

  • Privacy Policy Generator. You generate and tailor make and deliver to data subjects Privacy Policies that meet the information requirements listed in GDPR Article 13 and 14.
  • Version numbering. You change the content of a Privacy Policy by copying the Privacy Policy and change and publish the copy (or generate a new Privacy Policy). This is super easy and time efficient!
  • Version history. Each generated Privacy Policy version is time stamped. Also, you can indicate when your Privacy Policy is published and effective.
  • Version record keeping. All prior published Privacy Policy versions are locked down in an immutable record, and can be made available in your app.

Reach out to us

If you have an interest in Signatu Privacy Policy, please send us an email to hello@signatu.com.