A privacy policy is a sensitive topic for any company that handles large volumes of personal data. Because it is required by law, creating a privacy policy must be among the priorities of IT managers, especially because the help desk is among the departments that collect and process user data.
In this article, you will see what a privacy policy is and its essential items!
What is a privacy policy?
A privacy policy is a document that informs digital application users of the types of data that will be collected and how they will be handled and used. This is one of the requirements of the GDPR – General Data Protection Regulation, which was created in 2016.
The purpose of this policy is to promote a transparent relationship between a user and the company and provide legal protection to both parties. In addition to the help desk, other departments have to observe the provisions of the GDPR. The marketing department, for example, has to respect these rules in order to use forms and landing pages to capture leads.
What are the essential items of a privacy policy?
To create a privacy policy for your help desk, it is important to gather information that helps you understand the specific characteristics of your company. It requires deep knowledge of the needs of the business model and of the laws that regulate your company’s operations.
In addition, some mandatory elements require special attention while developing a privacy policy:
List of data collected and purposes
According to the GDPR, every company has to clearly explain how collected data are processed and the purposes of data collection. Also, according to the concept of purpose provided by law, such purposes must be legitimate, specific, explicit, and informed.
Indirect data collection
In addition to data explicitly requested from users, many digital applications use data that are collected indirectly, for instance, the IP address of a device, location data, and the pages visited on a website, among other information that may identify a user.
Sharing data with third parties
If a company shares collected data with third parties, the user has the right to know it is happening and why. Sharing data is critical in specific situations; for instance, when specific activities are performed by outsourced companies.
Data subject rights
Article 18 of the General Data Protection Law (LGPD) in force in Brazil determines that data subjects have rights over their own personal data, so every privacy policy has to explicitly state these rights, which include the right to:
- confirm the existence of data processing;
- access data being processed by a company;
- correct incomplete, incorrect, or outdated data;
- anonymize, block, or delete unnecessary or excessive data;
- request data portability to another service provider;
- cancel a previous consent for data collection and processing.
Data controller identification and contact
Data controllers must be properly identified, and such identification should include contact information. This information should be publicly disclosed for easy access by data subjects.
The whole process of developing a privacy policy for the help desk should have the support of legal experts.