This is part 2 in a two-part series about GDPR Compliance.
In Australia, certain small businesses with an annual turnover of less than $3 million already need legally compliant privacy policies in place and displayed on their websites.
The most common small businesses affected by the Privacy Act are:
- Health service providers that provide services in relation to physical, emotional, psychological and mental health. These include traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals; complementary therapists, child care centres, private schools and private tertiary educational institutions.
- Commonwealth contracted service providers that provide services to, or on behalf of, Australian or Norfolk Island government agencies under a Commonwealth contract or subcontract.
- Reporting entities or authorised agents of a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) or its Regulations or Rules.
- The kinds of personal information that you collect and hold.
- How you collect personal information.
- How you hold personal information.
- The purposes for which you collect, hold, use and disclose personal information.
- How an individual may access their personal information and seek correction of it.
- How an individual may complain if you or a contractor breaches the APPs or a binding registered APP code.
- Whether you are likely to disclose personal information to overseas recipients (including a related body corporate), and the likely countries to which that information may be sent.
The problem was that my policy was out of date and missed some of the areas now covered by the APP and the GDPR requirements. So, as my fabulous IT lawyer has now returned to public rather than private practice (deep sigh of sadness here), I started to check out what templates (free and paid) were on the market.
I hoped to find one good supplier that I could send my clients to. I sank the equivalent of a flight to NY into paid templates across a number of suppliers, only to find there was not one on the market that covered all bases.
Here’s where to find it in your WordPress dashboard.
Legal Vision (Free)
Lawpath is another site that you need to sign up for first. When you sign up, you get one free policy. Any future policies you need to pay for, at a subscription of $59 per month. You also have to pay if you want to be able to copy or edit the policy and not have to retype the whole thing.
For a free policy, it was quite comprehensive but is not GDPR compliant. One of the best free options.
LawLive (Paid – Prices only available if you fill in your details)
This ancient website hides its prices behind a paywall (currently $89.90). The questions that the policy generator asks show that its policies are not GDPR or APP compliant. Save your money and pick up one of the free options.
I was referred to this course by a colleague, as there was a stack of templates included with the videos and checklists.
Katie’s course was one of the most practical I did, and I ended up merging a lot of the material from her templates into my policies. Well worth the money and is one I will be recommending to my businesses!
This was the standout winner for me. So much so that I ended up also buying their separate Terms and Conditions Policy, Cookies Policy and Disclaimer Policies (at additional cost).
TermsFeed were the first business that asked for feedback on their provisions, and rather than deflect, they took the feedback on board.
Their policies were comprehensive, well written, nicely laid out, easy to tailor and covered things I hadn’t even considered.
Because they were so good, these are the policies I will be recommending to my businesses. After drafting my policies and discussing my feedback with them, I joined their affiliate program, so any purchases using the link above may generate a small commission back to my business. After all, I only want to recommend businesses to my clients that have a good product and are open to feedback.
Legal123 (Paid – $174.90)
These templates are the most heavily promoted in the Australian internet community, so I was hoping for good things. I stumped up my $174.90 for the full website package and ended up using approximately five paragraphs from 17 pages.
As they were only one of two businesses that requested feedback after purchase, I sent them the identical email that I sent to the other business.
They pointed me back to the OAIC guidelines, reminded me that their templates did not cover the GDPR, that no templates covered all businesses and offered a GDPR compliance review service at an additional fee.
They also suggested that the TermsFeed policies did not comply with the APP guidelines. I have reviewed their policies against those by TermsFeed and can only see a few tiny paragraphs that were not included. That said, as I stated up front, I am not a lawyer, and if your business needs tailored policies you need to contact your lawyer.
While these were a good foundation, most of the businesses I work with will need more, so I don’t recommend them.
How did my policies end up?
No template meets all needs. My policies are founded on the TermsFeed and Katie Horner’s templates, with a dash of WordPress 4.9.6 and a smidge of Legal123 thrown in for good measure.