#gdpr

Generate a GDPR-compliant privacy policy for a mobile app. Clauses: 1. Data collection types (Personal, Usage). 2. Purpose of data processing. 3. Legal basis for processing. 4. Data retention period. 5. User rights (Access, Erasure, Portability). 6. Third-party data sharing. 7. Security measures. 8. Contact information for Data Protection Officer (DPO). Include cookie policy reference.

Implement robust data governance for user privacy compliance. Data classification: 1. Public: can be shared freely (marketing content). 2. Internal: company confidential information. 3. Personal: user-identifiable information (PII). 4. Sensitive: payment data, health records, requiring encryption. Privacy compliance framework: 1. Data minimization: collect only necessary information. 2. Purpose limitation: use data only for stated purposes. 3. Consent management: clear opt-in/opt-out mechanisms. 4. Right to erasure: ability to delete user data. 5. Data portability: export user data on request. Technical implementation: 1. Encryption at rest and in transit. 2. Access controls: role-based permissions. 3. Audit logging: track data access and modifications. 4. Anonymization: remove identifiers for analytics. 5. Retention policies: automatic deletion of old data. Tools: OneTrust for consent management, Privacera for data discovery. Regular audits: quarterly privacy impact assessments, annual security reviews.

Handle data privacy requests. Process: 1. Acknowledge request within required timeframe. 2. Verify customer identity securely. 3. Explain what data you hold. 4. Provide data export in readable format. 5. Process deletion requests per policy. 6. Confirm completion of request. 7. Explain data retention requirements. 8. Document all requests for compliance. Follow GDPR/CCPA requirements strictly.

Guide email preference updates. Instructions: 1. Provide link to preference center. 2. Explain different email categories (promotional, transactional, newsletters). 3. Allow granular control over frequency. 4. Offer digest options instead of unsubscribe. 5. Respect unsubscribe requests immediately. 6. Confirm preference changes. 7. Explain which emails they'll still receive (account-related). 8. Make it easy to update anytime. Respect their communication preferences.