Why Your Business Needs Privacy Policy Version Control
When you acquire someone’s personal data, you must have a lawful bases in order to process it and you must tell them what you will use their data for. This should all be outlined in your privacy policy, as you already know.
But what happens when your privacy policy changes and you change what you use their data for?
Privacy policy version control
It’s important to know exactly what a subject has agreed to. If you have changed your privacy policy in the last year, then someone who agreed to allow you to process their data in January 2017 may have agreed to something different to someone who did the same yesterday.
You must store all versions of your privacy policy, regardless of how small the changes you make to it are, and you must know which subjects agreed to which version.
Notifying the subject
If the changes you make to your privacy policy will change the way in which you use a subject’s data, you must inform them and, if necessary, request their consent.
Example one: If the contact details change for your DPO and the subject can no longer use the previous contact details, they must be informed.
Example two: If you decide you want to analyse subject data to improve your service, possibly though a third party application, you would not only need to inform subjects, but allow them to opt in or opt out of the change too.
Leave a Reply
Want to join the discussion?Feel free to contribute!