Privacy notices need to be clear and comprehensive. That is just one of the compliance lessons that can be gleaned from the Irish Data Protection Commission’s recent record-breaking €225‑million fine, complete with an accompanying 266-page decision, against WhatsApp Ireland, Ltd. for violating the GDPR’s transparency requirements. This second installment of our two-part article series on key takeaways from the case offers practical insight from partners at K&L Gates, Seddons and Orrick on drafting informative privacy policies and implementing other foundational measures for building a compliant global privacy program. Part one covered the impetus and focus of the DPC’s investigation, its treatment of what constitutes personal data, how to handle regulator inquiries and the trend of increasing remedial obligations in E.U. regulators’ decisions. See “Irish DPC Helen Dixon on GDPR Enforcement Hurdles One Year In” (May 29, 2019).