What to do with shares when your co-founder has left
Co-founder fallouts or mutual way-partings are common, so we’re often asked Now what do we do with their shares after th...
This article has two goals:
If you’re building a legal justification table on SeedLegals and you’ve been taken to this article by the on-platform link, scroll down to How do I build my own legal justification table on SeedLegals? below.
There are a variety of obligations created under the GDPR that must be followed. You have to outline the procedures you put in place to protect Personal Data, where you send any Personal Data (if you send it to third parties), how individuals can request deletion of their personal data, and so on.
However the primary obligation under the GDPR and the whole spirit of the regime is to explain, to anyone you collect “Personal Data” from:
“Personal Data” is any information about a person from which that person can be identified E.g. their name, address, gender, IP address etc.
It’s all about empowering the individual so that they know what data is being taken from them and giving them some control over use of that data.
What many people do not realise is that this definition means that you owe obligations under the GDPR not only to your customers, but also to your employees.
Because of this need, SeedLegals has created two new privacy products to allow companies to comply with their GDPR obligations:
What we noticed when we were doing our research on competitors‘ privacy/data protection/GDPR solutions is that many were simply not fit-for-purpose.
There were plenty of off-the-shelf templated privacy policies, that made a generic reference to the GDPR and to the legal justifications within the GDPR, along with some standard wording about putting in place data protection systems and how people can opt-out of marketing emails.
But, generic references to “consent” or “legitimate interest” and standard wording about security, in our opinion, does nothing to actually explain to individuals what is being done with their data, which was the driver behind the introduction of the GDPR. So, in our opinion those competing products do not even achieve compliance with the GDPR, let alone reflect best practice.
What we have included in our privacy policies to ensure proper compliance is something we call a “legal justification table”. This allows you to clearly set out when Personal Data is collected, what type, why it is being collected and why you believe you are legally entitled to collect it.
We decided the easiest way to show this information is through a table with three columns:
Click this link to be taken to our own legal justification table within our own privacy policy to see an example of a completed legal justification table.
As you can see from our own legal justification table in the link, it clearly shows when we collect specific types of Personal Data from an individual, why we collect it and what legal justification we rely on. Higher up in our privacy policy we explain what those justifications mean so it is easy for our customers to understand.
When you get to the section of our product that asks you to build your own legal justification table, you will have already identified what types of Personal Data you collect from either your customers or your employees (depending on which privacy policy you are making). To remind you of the different types of Personal Data you can collect from your customers, they are:
You then need to pair each type of Personal Data you collect with one of the legal justifications permitted under the GDPR. Those justifications are as follows:
Two things to note:
When you head back to the platform, you’ll be presented with the request Please list an activity or time when you collect your employee’s/customer’s Personal Data. Here, you need to think of your first activity, such as “when a user signs up to our service” or “when an employee turns up for his first day” (as appropriate). Once answered, you will then be asked to tick from the list of the types of data your company collects (that you previously identified from a bigger list) which of those categories are collected under that activity.
For example, when a user signs up to your service, you will probably collect (at least) “Profile”, “Contact”, “Marketing and Communications” and “Technical” data and so you would select those types from the list. Once you have chosen which categories of data apply to the activity, lastly, you need to choose what legal justification you are relying on to collect that data. You can choose more than one justification. E.g. You may rely on “consent” for Profile and Contact data, but may rely on “legitimate interest” to collect Technical data.
You are finally presented with a freeform textbox to provide a short narrative about why you believe you can rely on the justification(s) you have chosen and/or to explain which justification applies to which type of data.
All you then need to do is repeat this process for every activity your company undertakes that leads to data collection, and once finished, the platform will create a legal justification table within your privacy policy so you are fully compliant with GDPR!
We have not only made GDPR compliance possible (given the low quality of the rest of the GDPR compliance market), but also made it easy for our customers to comply with GDPR.
The platform also allows you to update your privacy policies at any time. So, if your company pivots and you start undertaking more or different activities which give rise to collection of Personal Data, you can update your policy in a matter of seconds.
If you want to purchase our privacy policy products, have any further questions about our privacy policies or our company policies in general, please reach out to us at [email protected] or use our live chat to get in touch.