GDPR privacy policy?

Are your privacy policy documents compliant with the GDPR?

Alasdair Taylor's answer to GDPR privacy policy? (1538077481)

Answer to the question: 

All our privacy policy templates (e.g. have all be updated to take account of the GDPR.

However, strictly speaking, compliant with the GDPR is not something that a template document can be. The compliance obligations in the GDPR apply to legal and natural persons (data controllers and data processors), not to documents. Privacy notices may help a person to comply with the GDPR, but they cannot be said to be compliant themselves.

The primary function of a privacy notice is to provide information to data subjects about a data controllers’ privacy practices. So, whilst a template may reflect a particular controller’s practices, it might not reflect those of another. Templates will always need to be adapted to some degree to fit with the operations of the data controller.

Of course, there are many other obligations under the GDPR, in addition to the obligation to provide information to data subjects. A privacy notice will not help much with those other obligations.