Privacy documentation

By user_fullname on May 2, 2026
Beginner

One of the two developed fundamentals delivered under the Insight pillar in BRD-Strategy.

What it is

Privacy documentation is the set of legal, operational, and customer-facing artifacts that govern what data the presence collects, how it's handled, and what rights the people whose data it is can exercise. Done once, properly, against the actual data flows, not copy-pasted from a generator.

What's included

  • Privacy notice. External-facing, written for the people whose data is collected. Covers what's collected, why, on what legal basis, how long it's kept, and what rights apply. Specific to the surfaces (public website, client portal) the presence operates.
  • Cookie notice. Categorized cookie inventory, with the actual cookies named and described, not a generic boilerplate. Honest about whether the practice is consent-or-pay, opt-in, or strictly necessary only.
  • Data retention policy. Periods per data category, with the legal basis for each and the disposal procedure.
  • Data protection policy. The internal handling SOP: security, integrity, confidentiality, breach response.
  • Data Processing Agreement (DPA). Article 28 contract for engagements where data is processed on a customer's behalf.
  • Data subject request handling. The flow for access, correction, erasure, portability, and objection requests. Documented so that the response is consistent and within the legal timeline.
  • Compliance mapping. Which regulations apply to the presence (GDPR, UK GDPR, EU Accessibility Act adjacencies, sector-specific rules), and where in the documentation each requirement is met.

When you'd want this

  • You have a privacy policy that was generated by a tool five years ago and has not been updated since.
  • You're a B2B operator whose customers are starting to ask for a DPA, a data inventory, or evidence of compliance.
  • You collect data through forms, analytics, or integrations and you're not sure what's actually being stored and where.
  • You're building something new and want privacy designed in rather than retrofitted.


More articles on Products and services

Comments

No comments yet.

Add a comment
Ctrl+Enter to add comment