For those with data hosted in or users from countries covered by GDPR or UK GDPR a privacy notice is a requirement. The minimum requirements for this include:

• Identity of the data controller
  • Including contact information
• Purposes of data collection
• The legal basis used for processing of data
• The types of personal data being collected
• Who the data is being shared with
• How long the data is being kept for
• How individuals can exercise their rights over their own personal data
• How consent can be withdrawn
• Where data is transferred internationally, if this is outside of the EEA how the personal data is safeguarded must be covered

REFEDS DPCoCo

Resources