An Honest Template for GDPR Privacy Notices

Dear Customer:

The General Data Protection Regulation (GDPR) has now been active for <insert duration since May 25, 2018>. As your Data Processor, we are writing to you because we accidentally noticed that <insert name of your top competitor> has already been doing so. Our newly appointed GDPR Data Protection Officer, <insert name of your lowliest office clerk>, has developed the following list of privacy promises, after a Google search:

1) If we think that we are doing a bad job of <insert how you process data>, then we promise to quickly revise our opinion of what we do.

2) If you would like to send us a security questionnaire, then we promise to forward your email to <insert name of your phishing abuse desk>.

3) If we protect your data with <insert firewalls, anti-virus, or passwords>, then please relax, because our lawyers said these will hold up just fine for us in court.

4) If our staff is authorized to read your data, then we promise to make them recite <insert your company oath> to ensure their full loyalty.

5) If you choose to exercise your Data Subject rights, then <insert name of your lowliest clerk> promises to respond, although we honestly don’t know how, or even why.

6) If we are using a third party to <insert how you process data>, then please contact them directly and let us know what they said.

7) If your data is ever compromised by <insert description of data breach>, then we refer you to bullet 6 just above.

Compliance with <insert ‘the’ if you are European, else omit> GDPR is of the utmost importance to <insert name of your company>. If you have any privacy-related concerns, or if you would like to thank me for keeping this note to one page, then please contact me at <insert name of your phishing abuse desk>.

Yours in privacy,

<insert name of your lowliest office clerk>