Do I Need a Privacy Policy for my Website?

Not sure whether you need a privacy policy or other legal documents on your website? Sorry to break it to you, but the answer is is very likely to be YES YOU DO.

What is a website privacy policy?

A website privacy policy is a document that describes how an organisation uses the personal data it collects about individuals via its website.

This should include the way the website collects, processes, stores, shares and protects the user data, the purposes for doing so, and the rights of the users in regard to their collected data.

Why does my website need a privacy policy?

There are not many pages on your website that you absolutely must have, but (in most cases) a privacy policy is one. If you need one – and you probably will – then it’s a legal requirement to have it, and you could get fined for not displaying it.

In a nutshell, any website that collects information from its visitors needs a privacy policy.

Your website is probably collecting information from users who visit your site, such as contact details or demographic data.

Here are some common examples of ways that websites collect data from users:

• Contact forms
• Shopping carts
• Requests to book a call
• User registration forms
• Newsletter sign-ups
• Services such as Google Analytics
• Displaying online ads from platforms like Google AdSense

If your website has any of these functionalities, then you definitely need a Privacy Policy. In fact, in order to use many of Google’s services and tools, such as Analytics and AdSense, you’re required by Google to have an up-to-date privacy policy in place.

What needs to be included in a website privacy policy?

According to the relevant legislation, a website privacy policy must include:

• Who is collecting the data on your website, i.e. the legal name and contact details of your company
• Why the data is being collected
• Whether the data will be given to any third-party (and if so, who that third-party is)
• Information on how to contact you to request removal or correction of any personal data on your records

Your privacy policy should be separate from your terms and conditions, cookie policy, and other similar pages.

Do I need a Cookie Policy as well?

The use of cookies on websites is actually covered by separate rules. Specifically, if your website uses cookies then you’re required to:

• Obtain consent from users on the use of cookies on their device
• Provide information on what any cookies are for and why you use them

To make things clear, you should separate your cookie policy from your privacy policy, and ensure you have robust cookie consent functionality in place. (I include and set up cookie consent software as standard in all of the websites I build, for this reason.)

I’m not in the EU – do I still have to adhere to GDPR?

Well, you might not be in the EU, but some of your website visitors might be. Remember that the internet is global, and your website can get visitors from any country.

In order to be as legally-compliant as possible, it’s always advisable to adhere to both national and international laws like GDPR, so that you’re covered if/when you have visitors from those areas.

SEO Benefits of Having a Privacy Policy

An unexpected benefit of having a robust and clearly-displayed privacy policy on your website is that it could benefit your search engine optimisation efforts.

An important part of SEO is ensuring that Google trusts your website, as a high level of trust means it’s more likely to show your website in a higher position in the search results.

Google looks at many factors when determining trust (and is famously secretive about its search algorithm) but it’s widely believed that having a privacy policy on your website is a trust factor for Google.

What happens if you don’t have a website privacy policy?

A hefty fine, usually. You’d probably receive an enforcement notice from the relevant data commissioner in the first instance, instructing you to add one to your website. If you don’t comply with the enforcement notice you could be fined, and UK/EU GDPR-related fines can be up to 4% of your annual turnover. You could also be made to delete any data collected through your website.

How do I create a Privacy Policy for my website?

You have a few options for creating a privacy policy:

1. DIY using a free template. Obviously, it’s possible for you to attempt to write your own privacy policy using one of the free basic templates you can find online. It’s not advisable, though. As well as having no idea if the wording applies properly to your own website and business, you’ll be unaware if you’re meeting the legal requirements. You’ll also be responsible for changing the language and the policy whenever there are updates to the law.
   
   
2. Hiring a lawyer. If you have budget, hiring a specialist lawyer means you’ll end up with a professional, completely personalised policy. Bear in mind that as well as the initial costs, you’ll likely have additional ongoing costs for updates to the policy in the future.
   
   
3. Use a professional online policy service. This is my preferred option and the one I recommend to my clients, as it balances the needs of compliance and budget really well. For a low monthly fee, you get a policy that’s personalised to your needs, and that AUTOMATICALLY UPDATES WHENEVER THE LAW CHANGES. Winner.

Get a Discount on a Personalised Privacy Policy For Your Website

I’ve partnered with Termageddon, an attorney-run, professional policy provider, to provide a discount on privacy policies.

With Termageddon, you simply enter your business details into your online dashboard and they’ll create a tailored policy that’s written by lawyers and that exactly fits your business needs. It’s a great service, and takes away the guesswork of creating and updating your Privacy Policy.

Want to talk about your options?

If you’d like to learn more about the essential requirements for your website, or how I can help make your website compliant, then just get in touch or book in for a free consultation.

This bit’s important, please read it:

This blog post provides information about privacy and data protection laws – but legal information is not the same as legal advice, and so you must consult a lawyer for professional advice about your own circumstances.

You may not rely upon this information as legal advice, and you must instead regard this article as intended for purely informational purposes only.