
Difference between Data Protection Policy and Privacy Policy

Do not confuse a data protection policy with a privacy policy. The latter is a term that applies to the information clauses that comply with the transparency obligations of the General Data Protection Regulation (GDPR).

Thus, if we analyze the definition of the term “policy” provided by the RAE, we can say that it is the set of guidelines that govern the actions of an organization in a specific issue or field. Therefore, the data protection policy can be defined as the organization's way of acting with regard to the processing of personal data throughout its entire life cycle.

This way of acting is called data governance, which, in other words, is defined as the process by which policies and procedures are implemented to ensure effective and efficient management of information in the entity. By virtue of the principle of proactive responsibility (accountability), the data protection policy must be the base and main standard where the true commitment on the part of the organization is reflected. However, the privacy policy is nothing more than an informative clause on the processing of personal data on a website.

The GDPR mentions the data protection policy on several occasions, for example in recital 78, where it states that: “…the data controller must adopt internal policies…”, or in article 24.2, which establishes that: “When provided… the application… data protection policies.”

In turn, the need to have a privacy policy can be concluded from the provisions of article 5 of the GDPR, which requires that personal data be processed in a lawful, fair and transparent manner in relation to the interested party, which, according to recital 58 et seq., means that: The principle of transparency requires that all information addressed to the public or interested party be concise, easily accessible and easy to understand, and that clear and simple language be used, and, where appropriate, it be visualized. This information could be provided electronically, for example, when it is directed to the public, through a website.

(…) The data controller must provide the interested party with any additional information necessary to ensure fair and transparent processing, taking into account the specific circumstances and context in which the personal data are processed.

(…) Information about the processing of their personal data must be provided to interested parties at the time it is obtained from them. 

In short, as we can see, both concepts in question have a very different mission and, therefore, beyond the terminology used in each case, they are two concepts that cannot be confused.

Oscar J Labella

IT Lawyer | Governance, Risk & Compliance | Privacy

Subscribe to our newsletter to stay up to date with all the news

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.