Difference Between a GDPR Privacy Policy and Privacy Notice?

Fundamental difference

Fundamentally, a privacy policy is internally focused. This policy can dictate how personal information should be handled by an organisation. However, a privacy notice is externally facing, informing customers, regulators and all other relevant stakeholders how the organisation handles personal data.

GDPR privacy notice explained

A privacy notice explains how personal data is managed. The GDPR guidelines specify that organisations need to provide external stakeholders with a privacy notice that has the following qualities.

  • In a concise, transparent, intelligible, and easily accessible form
  • Written in clear and plain language, particularly for any information addressed specifically to a child
  • Delivered in a timely manner
  • Provided free of charge

Where a company is collecting information from individuals directly, the GDPR details specific information which needs to be included in a company’s privacy notice. Subsequently, some of the requirements of a GDPR privacy notice are outlined below.

  • The identity of a company’s Data Protection Officer.
  • The purpose and legal basis for an organisation processing an individual’s personal data
  • Any recipients of an individual’s data
  • The retention period of any data
  • The right to withdraw consent where relevant
  • The right to complain to a supervising authority
  • Details of any data transferred to a third country and the relevant safeguards taken
  • Whether the provision of personal data is part of a statutory or contractual obligation
  • The existence and details of an automated decision-making system

GDPR privacy policy explained

Preexisting privacy policies are often the basis for the creation of privacy notices. They are consequently the first step in an organisation establishing what is permissible regarding data privacy. Privacy policies are typically legal documents which internally disclose some or all ways an entity gathers, uses and manages private data. However, this data can be personal in nature and related to customers or other stakeholders. Therefore any company with a presence in the EU or an organisation which monitors user information or behaviour should create a GDPR privacy policy.

However, a major component of the GDPR is being transparent and providing accessible information to individuals about the collection and use of their personal data. Consequently, a privacy policy is a key way in which companies fulfil this obligation. Many businesses make their privacy policy public, this aids in transparency and compliance with certain regulations.


Therefore, a privacy policy and notice are distinct. Where relevant it’s important to remain compliant with the GDPR. Consequently, if you are unsure about your obligations regarding data privacy you should consult a business lawyer.

Don’t know where to start?
Contact a Lawpath consultant on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest legal marketplace.

Most Popular Articles
You may also like
Recent Articles

Get the latest news

By clicking on 'Sign up to our newsletter' you are agreeing to the Lawpath Terms & Conditions


Register for our free live webinar today!

Essential Strategic Planning for the New Financial Year

12:00pm AEDT
Thursday 11th July 2024

By clicking on 'Register for webinar' you are agreeing to the Lawpath Terms & Conditions

You may also like

The 2024 Federal Budget has unveiled a comprehensive package of measures designed to support small to medium enterprises (SMEs) in Australia, while also laying the groundwork for a "Future Made in Australia."
Default interest clauses can help protect lenders' interests, but sometimes they will not be enforceable. Find out more here.
Lying on your resume to get a job is never a good idea. In fact obtaining employment through fraud can actually land you in jail.

Thank you!

Your registration is confirmed. Keep an eye on your inbox for an email with details on how to watch the webinar.