What is a privacy policy?
In this context, a privacy policy is a statement or a declaration on a website which states in clear terms how an organization intends to use the information that it collects from site visitors.
Why do you need a privacy policy?
In order to comply with Part 2.5 (Part 2 generally) of the Nigerian Data Protection Regulation 2019, an organization is required to put up “a simple and conspicuous privacy policy that the class of Data Subject being targeted can understand”. This is to ensure that the data subjects are informed about the collection and use of their personal data, what the data controller intends to use the data for, possible sharing with third parties, and the rights that they have as regards the said data, amongst other things.
FUN FACT
Right to be forgotten: According to Part 3.9 of the Nigerian Data Protection Regulation 2019, you can ask a data controller to permanently delete your personal data from their records based on certain grounds stipulated by the guidelines.
Features of a compliant privacy policy
A compliant privacy policy must have essential clauses that make it compliant with existing laws and regulations. These clauses must state what information the organization collects and how such information is used. It must also give information about third-party access to the information, or in case of a transfer of ownership of the organization, a statement that the information collected will remain safe.
Also, the privacy policy must be expressed in clear terms. The essence of having a privacy policy is communication, and so the policy must be drafted with the intention of effective communication.
A clause or a statement stating in simple terms what cookies are, what they do and the types of cookies used on the site is also very important when drafting a privacy policy. There will be cookies that must be installed for legitimate reasons and others that are optional; these must be spelled out clearly for the data subject.
In case the rights of data subjects are breached in any way or seem to have been breached, the policy must contain a medium to contact the company to rectify the issue and let the data subjects know that they can report to the appropriate authorities.
Lastly, according to Part 2.8 (b) of the Data Protection Regulation 2019, the data subject must have an option to decline the collection of his or her data. The functionality of a website must not break simply because the data subject has refused to consent to the collection of his or her data (it is possible that non-collection or deleting cookies may reduce the functionality of the website).
Please do not take any of the information above as legal advice. While we consistently try to do our best to provide you with useful information in the form of articles, nothing can substitute for actual professional legal advice in drafting your privacy policies. You can reach out by clicking here for legal advice.