The case
A German court issued a striking ruling: an organisation was required to take its website completely offline because the privacy policy did not meet GDPR requirements. If the site was not taken offline, the organisation faced a fine of 250,000 euros.
The case was brought by a competitor who characterised the inadequate privacy policy as an unfair commercial practice.
Why this matters
This ruling shows that the risk of a non-compliant privacy policy extends beyond fines from the supervisory authority. Competitors and advocacy organisations can hold you accountable through civil law for your privacy shortcomings.
This means you face risk not only from the data protection authority, but also from ordinary courts.
The lesson for business owners
Your privacy policy is not a formality
Many business owners treat their privacy policy as a box-ticking exercise. But it is a legal document that must accurately reflect how you handle personal data. A generic template from the internet that has not been tailored to your specific situation is not sufficient.
Competitors are watching
In a competitive market, there are parties actively looking for violations by competitors. A missing or inadequate privacy policy is an easy target.
The consequences can be far-reaching
Having to take a website offline means: no online sales, no leads, no visibility. For many businesses, this is an existential problem.
What should you do?
Review your privacy policy. Is it a generic template, or does it actually reflect how your business handles personal data? GDPRWise generates a privacy policy based on your specific situation, so you can be sure all required elements are included.