A question people often ask when getting their first website concerns the legal side, which can be overwhelming, and 'Do I need a privacy policy on my website?' is near the top of that list.
So, getting straight to the point, the short answer is: probably yes, but it depends. OK, that may not be very helpful, so let's look at some details, from the basics up.
WHAT EXACTLY IS A PRIVACY POLICY?
A privacy policy is a statement from the website owners (that's probably you if you're reading this article) which lays out the details of what data is collected on their website from visitors, how it's collected, how it may be used, how it's stored, how people can apply for a copy of the data stored about them and how to get their data removed from records held by the website owners.
WHEN DO I NEED A PRIVACY POLICY ON MY WEBSITE?
According to GDPR (General Data Protection Regulations), if a website collects personal data from its visitors, website owners are legally obliged to declare how they treat that data if either or both of these conditions are true:
- if the website owners or website visitors are in the UK or EU
- if the website owners or website visitors are nationals of the UK or EU
That is, if you as the owner, or any of your website visitors are located in or are nationals of the UK or EU, your website needs a privacy policy. And this applies if the website owner is an individual or a legal entity like a company, one person or many people.
CHECKING IT TWICE
Most of the time it will be obvious if you are collecting people's personal data on your website – for example, if you have a contact form on your website or an opt-in form for people to sign up to receive a newsletter, then it's fairly obvious that you're collecting personal data. But there are many instances when things can be overlooked as they are not so obvious, for example:
Do you have any questionnaires or quizzes on your site? You'll likely be collecting personal data through these so you'll need a privacy policy.
Are you selling products on your website? You'll almost certainly be getting people's delivery details, whether these are electronic or physical deliveries. You'll need a privacy policy.
Do you have offers on your website for visitors to receive a free download such as an e-book or a discount voucher which you'll email out? Then you'll be receiving at least an email address from the person signing up for it, so you'll need a privacy policy.
Do you have analytics tools hooked up to your website - like Google Analytics? Again you'll be collecting some form of data on visitors. It might not be the obvious name and contact detail type data and might be just an IP address that's collected by the software, but privacy policies are required even if you're collecting non-personally identifiable, pooled data.
Does your website use cookies? Cookie IDs are considered personal data. Do you have advertising on your website? This will definitely use cookies. These all require a privacy policy to be on your website.
HOW TO CREATE A PRIVACY POLICY
Most websites choose to have a separate privacy policy page, and it's become usual practice to have a privacy policy link in the footer of web pages, for those wishing to find out details of your data handling.
As it's a legal requirement to have a privacy policy statement on your website, with punishable consequences if you don't, it is a good idea to check with your legal advisor what should be in your privacy policy, how it should be worded and to ensure that it is fully comprehensive for your particular needs.
That said, there are a number of online privacy policy generators which you can use as a basis for your privacy policy.
PRIVACY POLICY GENERATORS
Since the data protection laws were introduced a huge number of privacy policy generators have appeared online, and it's become very easy to get privacy policies for websites through them.
There are many free privacy policy generators, and who wouldn't prefer to get a privacy policy free, BUT use these at your own risk. It's best to have your legal advisor take a look at any policies they produce to make sure you're properly covered. Fines can be hefty, in the millions.
Some popular privacy policy generators include the following (and again, these are not recommendations - the recommendation is to seek information from your legal advisor for your particular needs):
Considered to be one of the most comprehensive policy generators, it claims to auto update policies in line with changes in GDPR and CalOPPA laws and policies can include over 650 clauses. Iubenda works on a monthly subscription - there's a free plan and a number of paid options. Alternatively, if you're lucky enough to catch a deal you can buy a lifetime licence through Appsumo at a fraction of the cost.
Termly offer options for UK or US privacy policies which might be useful and a way to keep costs down if you are a local business. Through a series of questions it takes about 15 minutes to get a customised privacy policy. There is a free plan with limited features aimed at low traffic websites, or a monthly subscription per website.
Enter general information about your company, then more details about how you operate. Free privacy policies are available for individuals but businesses are charged. There is a one-time fee per policy, with extra charges for extra clauses of cover.
GDPR
Privacy regulations are lengthy and complex, and handling of personal data is strictly regulated, including the process required if there is a data breach, notifying authorities and notifying those whose data might have become vulnerable. As a website owner you may be a data controller and a data processor so it's best to familiarise yourself with these terms and responsibilities. You'll find the full regulations on the government website Guide to the General Data Protection Regulation and more details at the Information Commissioner's Office.
SO, DO I NEED A PRIVACY POLICY ON MY WEBSITE?
As you have probably gathered by now from this article the answer to the question, 'Do I need a privacy policy on my website?' is yes. Even for a site with low traffic or no obvious data collection methods on it such as sign up forms, your website is still likely to be collecting what is classified as personal data through background technologies such as for analytics or cookies.
As part of GDPR you will also likely need a Cookie Policy on your website.
And a final disclaimer - the information in this article is not provided by legal experts. Always check with your legal advisor and the relevant authorities for current regulations to ensure you are compliant with all requirements.
Do I Need A Privacy Policy On My Website last updated April 2021