Do I need to update my Terms and Conditions to comply with GDPR?

The main intention of the EU General Data Protection Regulation (GDPR) is to strengthen the rights of internet users and improve the security of their personal information, change the way that companies handle personal data, and request new methods for notifying your users. 

Privacy Policies are a core aspect of the GDPR. These documents are the keystone for ensuring that both your website and your users are aware of privacy rights and that you are acting to protect them.

The GDPR is concerned with privacy law. Privacy Policies fall into that category, but your Terms and Conditions agreement does not. 

What is Terms and Condition agreement

Terms and Conditions agreement is a set of rules and disclaimers that your website visitors must abide by when using your website. The purpose of these agreements is more about protecting your company and people it by requiring users to follow certain rules if they wish to utilize the services provided.

A Terms and Conditions agreement can also be referred to as a Terms of Use, Conditions of Use, Terms of Service or another similar agreement name. These are all interchangeable and based on your preference.

What should a GDPR-compliant agreement include

A Terms and Conditions is an optional legal agreement laying down rules for proper usage of your services and any disclaimers to indemnify yourself against any potential legal disputes.

A Terms and Conditions agreement is your responsibility for your own sake. Terms and Conditions agreements will include disclaimers about payments and subscriptions, limitation of liability statements, and rules of conduct to ensure proper use of the website, a product, or a service. These rules are in place in order to give you the right to remove users who use the service improperly, to protect yourself from frivolous lawsuits, or to have proof of payment procedures in the event of a dispute.

This agreement should also protect you from frivolous claims of abuse. While such rules are a good idea, they do not fall under the umbrella of privacy as covered by the GDPR. The new privacy legislation does not directly regulate Terms and Conditions agreements but certain changes should be made.

The GDPR requires Privacy Policies to be separate and distinct from Terms and Conditions. These two documents should refer to one another and may link each other. As you update your Privacy Policy for GDPR compliance, make sure that you update any links to your Terms and Conditions. Similarly, do not refer to your old and non-compliant Privacy Policy in your Terms and Agreements document. Make sure that any references to your Privacy Policy in your Terms and Conditions are updated and consistent across both documents.

Obtaining consent for Terms and Conditions

The GDPR does not require consent to be obtained for Terms and Conditions as it does for Privacy Policies, it is generally a good idea to obtain consent anyway.

For example, the cookie consent banner you use to obtain consent for data collection and acceptance of your Privacy Policy as required by the GDPR can also include the link to your Terms and Conditions.

If you ever have to enforce your Terms in court, you will have clear proof that the user clearly did consent to be bound by your Terms by agreeing to them.

Minors consent for Terms and Conditions

If your Terms and Conditions has declarations about the use of your website by minors, such as stating that minors are required to have the consent of a parent or guardian before using the site or creating an account, you may need to change your agreement since GDPR has its own set of rules for the data collection and processing of minors. This change may require you to alter the related sections of your Terms and Conditions to reflect any policy changes.

Important: this article does not replace legal advice. Make sure to review your Terms and Conditions after updating your Privacy Policy and becoming compliant with the GDPR is highly recommended. 

Was this article helpful?
0 out of 0 found this helpful