For those with data hosted in or users from countries covered by GDPR or UK GDPR a privacy notice is a requirement. The minimum requirements for this include:

• Identity of the data controller
  • Including contact information
• Purposes of data collection
• The legal basis used for processing of data
• The types of personal data being collected
• Who the data is being shared with
• How long the data is being kept for
• How individuals can exercise their rights over their own personal data
• How consent can be withdrawn
• Where data is transferred internationally, if this is outside of the EEA how the personal data is safeguarded must be covered

This is one of two documents in the PDK that MUST be presented and agreed to by users

REFEDS DPCoCo

Resources