# GDPR

### GDPR Privacy Policy requirements <a href="#gdpr-privacy-policy-requirements" id="gdpr-privacy-policy-requirements"></a>

* Concise, transparent, intelligible, and easily accessible form
* Written in clear and plain language, particularly for any information addressed specifically to a child
* Delivered in a timely manner
* Provided free of charge

### What must be shared <a href="#what-must-be-shared" id="what-must-be-shared"></a>

* The identity and contact details of the organization, its representative, and its Data Protection Officer
* The purpose for the organization to process an individual’s personal data and its legal basis
* The legitimate interests of the organization (or third party, where applicable)
* Any recipient or categories of recipients of an individual’s data
* The details regarding any transfer of personal data to a third country and the safeguards taken
* The retention period or criteria used to determine the retention period of the data
* The existence of each data subject’s rights
* The right to withdraw consent at any time (where relevant)
* The right to lodge a complaint with a supervisory authority
* Whether the provision of personal data is part of a statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data
* The existence of an automated decision-making system, including profiling, and information about how this system has been set up, the significance, and the consequences

As you can see, creating a GDPR-compliant *Privacy Policy* for most e-commerce businesses could be quite a headache - it would involve wading through technical documentation about how your e-commerce platform and connected systems work, in order to try to understand the data flows, which would likely run into the hundreds.

### Pakk simplifies privacy <a href="#pakk-simplifies-privacy" id="pakk-simplifies-privacy"></a>

With Pakk, the situation is much simpler. Firstly, due to the fact that Pakk is architected as a "one-stop-shop" commerce platform, data is much more centralised and there are far fewer data flows to external sources than in a standard *e-commerce platform + plugins + api integrations* setup. Secondly, because Pakk is *configurable, not customiseable*, the system already knows where customer data is kept, processed and shared. With this in mind, it should be obvious that **Pakk can write your Privacy Policy** for you. In fact, it does. Pakk uses its knowledge of the settings in your account and the configuration of the website to autogenerate a Privacy Policy and link to it in easily discoverable places. We might need you to fill in a few more details, for completeness sake, but essentially, the platform can generate 90% of the text in order to fulfil the above requirements. Obviously, this is all translatable to any Pakk language too.