GDPR Episode 2: A New Privacy Policy

What does it take to write a GDPR compliant privacy policy? It was easier than we realized! This is a continuation of our series on ensuring StatusGator complies with the terms of the European Union’s General Data Protection Regulation. To read the other parts of the series:

The GDPR has very specific requirements for privacy policies. Companies must provide clear and accessible information about the personal data they collect and what they do with it. The information must be in plain and simple language so that anyone can understand it. It must be comprehensive and cover all aspects of your data collection and processing. Your policy must be easily accessible and displayed to users at the point of data collection. It also must be linked on every page with the words “Privacy Policy.”

Write Plain and Simply

We found plenty of resources that enumerated the requirements of a compliant privacy policy. In the past, we might have used a legal document template service. Or we might have copied a dozen paragraphs of dense privacy policy legalese wholesale as a starting point. But the GDPR’s requirement that your policy be clear and understandable is actually a benefit to us now, as it obligates us to eschew legal text for more human-accessible language. We looked at a number of policies, including the excellently written policy of Tuple, the pair programming app. Ultimately, because we were writing in plain English, drafting our new policy was comparatively easier under the GDPR.

Disclose Your Processors

The requirement that took the most effort was the research and documentation of all the third-party processors we use. For us, this isn’t that many services, but for other companies it could be dozens. A good place to start is your StatusGator dashboard. What are all the services you monitor on StatusGator? Many are likely processors of your customers’ personal data. Our processor list turned out to be the following:

  • Google G Suite: our email provider
  • Google Analytics: website traffic stats
  • Stripe: processes payments
  • FreshDesk: handles customer support tickets
  • Bugsnag: logs unhandled exceptions in our applications
  • Sendgrid: email service provider
  • Postmark: backup email service provider 

Once we had our list of processors assembled, the rest of our policy fell into place pretty easily. You can read our updated, GDPR-compliant privacy policy here and we welcome your feedback. Did we miss anything? Let us know.

Try StatusGator

StatusGator is our service that monitors status pages and sends you notifications when the services you care about go down. You can receive notifications in Slack or by email, SMS, or even webhook. Customers love our Slack slash command, which allows querying the status of any service on demand right from where your team hangs out.

Try a 30-day free trial of StatusGator and let us know what you think.