I think it’s officially called a ‘privacy notice’. However, it is NOT your data protection policy; it’s a public statement of how your organisation applies data protection principles to processing data and under GDPR it must be displayed to people wherever you capture data.
The privacy notice should address the following:
Who is collecting the data?
What data is being collected?
What is the legal basis for processing the data?
Will the data be shared with any third parties?
How will the information be used?
How long will the data be stored for?
What rights does the data subject have?
How can the data subject raise a complaint?
A customisable privacy notice template is available in this EU GDPR Documentation Toolkit (along with other documents) but at quite a high price!
If you want to have a go at writing your own, here are some examples of good and bad privacy notices from the ICO. And here’s another toolkit to help you build your own privacy notice (I think it’s free).