How to fix: Privacy policy (NIS2 information sharing)

GDPR Art. 13 · NIS2 Art. 21(2)(f)

Why this matters

Published data-handling policies signal organisational maturity around personal data — a soft NIS2 signal that overlaps with GDPR compliance.

Background

NIS2 reporting and transparency obligations overlap with GDPR. A discoverable privacy policy at /privacy-policy is the minimum baseline. It should cover vendor data flows, a contact for data requests, and the legal basis for processing. This is the same fix as gdpr.privacy_policy.

References

NIS2 Art. 21(2)(f) — supply-chain security + vendor data flows · GDPR Art. 13

How to fix

Instructions for each stack we cover. Pick the one matching your server or framework.

nginx: No server config needed; this is a content page.
apache: Same as nginx.
cloudflare: Same as nginx.
wordpress: Use a privacy policy generator (Iubenda, WebsitePolicies.com) and publish the result at /privacy-policy.
flask: Add a /privacy-policy route and template.
express: Same as flask.
rails: Same as flask.

Verify it's working

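curl -si https://your-site/privacy-policy | head -n 40 should show a 200 status line followed by substantive policy content. The -i flag is needed because plain curl -s prints only the body, not the status.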
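A scripted version of this check, added here as an example and not part of the original guide: it flags a 200 response that is only a stub and reports which of the three baseline topics from the Background section are missing. The keyword patterns, the 150-word threshold, the function names and the sample pages are all assumptions made for illustration.

```python
import re
import urllib.error
import urllib.request
from html import unescape

# Assumed keyword patterns for the three baseline topics named in Background.
TOPICS = {
    "vendor data flows": r"third[- ]part|processor|vendor",
    "contact for data requests": r"[\w.+-]+@[\w-]+\.[\w.]+|data protection officer",
    "legal basis": r"legal basis|lawful basis|legitimate interest|consent",
}
MIN_WORDS = 150  # assumed threshold for "substantive" content

# Constructed sample pages (not real policies) so the check runs offline.
_S = ("We share order data with third-party processors under a legal basis "
      "of consent; contact privacy@example.com for data requests. ")
SAMPLE_GOOD = "<h1>Privacy Policy</h1><p>" + _S * 10 + "</p>"
SAMPLE_STUB = "<script>var consent=1</script><p>Coming soon.</p>"


def visible_text(html):
    """Drop script/style bodies and tags, collapse whitespace, lowercase."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    return " ".join(unescape(re.sub(r"<[^>]+>", " ", html)).split()).lower()


def check_policy(status, html):
    """Return a list of problems; an empty list means the page passes."""
    if status != 200:
        return [f"status {status}, expected 200"]
    text = visible_text(html)
    problems = []
    if len(text.split()) < MIN_WORDS:
        problems.append("too short to be a substantive policy")
    problems += [f"no mention of {topic}" for topic, rx in TOPICS.items()
                 if not re.search(rx, text)]
    return problems


def check_url(base):
    """Live check of <base>/privacy-policy; 4xx/5xx become a status problem."""
    url = base.rstrip("/") + "/privacy-policy"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return check_policy(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return check_policy(err.code, "")


if __name__ == "__main__":
    print(check_policy(200, SAMPLE_GOOD), check_policy(200, SAMPLE_STUB))
```

A keyword match only shows that a topic is mentioned; the wording of the policy still needs a human read.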
