The main intention of the EU General Data Protection Regulation (GDPR) is to strengthen the rights of internet users and improve the security of their personal information, change the way that companies handle personal data, and request new methods for notifying their users.
Privacy Policies are a core aspect of the GDPR. These documents are the keystone for ensuring that both your website and your users are aware of privacy rights and that you are acting to protect them.
The GDPR is concerned with privacy law. Privacy Policies fall into that category, but your Terms and Conditions agreement does not.
What are the Terms and Condition agreements?
Terms and Conditions agreement is a set of rules and disclaimers that your website visitors must abide by when using your website. The purpose of these agreements is more about protecting your company and people by requiring users to follow certain rules if they wish to utilize the services provided.
What should a GDPR-compliant agreement include
A Terms and Conditions is an optional legal agreement laying down rules for proper usage of your services and any disclaimers to indemnify yourself against any potential legal disputes.
A Terms and Conditions agreement is your responsibility for your own sake. Terms and Conditions agreements will include disclaimers about payments and subscriptions, limitation of liability statements, and rules of conduct to ensure proper use of the website, a product, or a service. These rules are in place in order to give you the right to remove users who use the service improperly, to protect yourself from frivolous lawsuits, or to have proof of payment procedures in the event of a dispute.
This agreement should also protect you from frivolous claims of abuse. While such rules are a good idea, they do not fall under the umbrella of privacy as covered by the GDPR. The new privacy legislation does not directly regulate Terms and Conditions agreements but certain changes should be made.
Obtaining consent for Terms and Conditions
The GDPR does not require consent to be obtained for Terms and Conditions as it does for Privacy Policies, it is generally a good idea to obtain consent anyway.
If you ever have to enforce your Terms in court, you will have clear proof that the user clearly did consent to be bound by your Terms by agreeing to them.
Minors consent for Terms and Conditions
If your Terms and Conditions has declarations about the use of your website by minors, such as stating that minors are required to have the consent of a parent or guardian before using the site or creating an account, you may need to change your agreement since GDPR has its own set of rules for the data collection and processing of minors. This change may require you to alter the related sections of your Terms and Conditions to reflect any policy changes.