Personal Data Policy

A personal data policy created for a website serves as an internal set of rules and governs how a website stores and handles its visitors’ personal data. Since the General Data Protection Regulation (GDPR) came into force in 2018, higher requirements have been imposed on how personal data may be processed.

What is it?

Personal data

Personal data is any information that can be directly or indirectly linked to a specific natural person. Direct personal data can identify a person on its own, while indirect personal data can identify a person when combined with other information.

Examples of personal data under the GDPR include name, personal identity number, address, phone number, photographs, and email address.

Direct personal data includes, for example, names and personal identity numbers, while IP addresses and place of residence are considered indirect personal data.

Personal Data Policy

All websites that process personal data must do so in accordance with the GDPR. One of the basic requirements for processing personal data is obtaining consent from the individual concerned. Consent must be informed, and website visitors must be able to easily find out how their personal data is processed, which is why a policy must be established.

A personal data policy should clarify which personal data the website collects and stores, how it is used, how visitors have control over this data, and how they can contact the owner of the website.

How does it work?

A personal data policy for a website must be established by all companies and public authorities that operate a website that processes personal data.

A website’s personal data policy constitutes an internal framework for how personal data will be processed. It must be clear, specific, and easily accessible. Once the policy has been established, it must be published on the website so that it is available to all visitors.

When creating a website, it is also a good idea to establish a cookie policy, i.e., a policy describing how small text files store information from the user to improve their user experience, as well as terms of use, which set the rules for how users may and may not behave on the website.