Some tips for those who work with the EU market and still haven't updated their policy notice to comply with GDPR.
1. Start by identifying who you are: a controller or a processor. The controller collects data independently; the processor processes data on behalf of the controller.
2. Identify the specific methods you use to gather personal information on the website, and the types of data collected.
3. Provide comprehensive information about data subject rights. However, do not forget to prescribe acceptance of conditions in your policy.
4. Your privacy notice is a rather intricate document that covers many legal aspects. Your users would benefit from it being very well structured, so do place a table of contents at the beginning.
5. Address your website visitors in a polite and prudent fashion.
7. Your policy document should have an appealing design and reflect your corporate style.
8. Provide information about data security: what kinds of measures you use to protect the data. For example, these might be HTTPS/TLS for data in transit and encryption at the database level.
9. Tell your visitors about the ways they can withdraw their consent at will.