Privacy

Does My Website Need a Privacy Policy?


Everything You Need to Know About Your Privacy Policy and GDPR Compliance



With the GDPR having recently gone into effect, a lot of people are asking what they need to do in order to comply, whether they even need to comply, and what the best practices are. One component of being GDPR compliant (or compliant with other regulations) is to have a clear and concise “privacy policy.” Most website owners and businesses are uncertain whether they actually need a privacy policy.

The short answer is most likely: yes, you will need a privacy policy. We’ll get into specifics below.

“How do I know if I need a privacy policy?”

The simplest answer is that if you collect any kind of information from the users of your website (or customers of your business) that is considered “personal,” then you need to have a privacy policy in place.

Any kind of information that can be used to identify an individual is considered “personal data.” Personal data can include, but is not limited to, first and/or last name, email address, billing and/or shipping address, credit card information, phone number, IP addresses, and so on.

For websites, this information is commonly collected if you have an email list or use cookies on your website (which most websites and/or businesses do).

Having a privacy policy, regardless of whether it’s “required by law” in your situation, can still be a great way to build trust with your users or customers. It’s often better to be safe than sorry with a privacy policy, but it’s also a great strategy for helping your customers feel more comfortable browsing your website or providing you with their personal data.

Below are some of the most common scenarios where a privacy policy may be required or otherwise recommended:

  • Websites
  • Blogs (e.g., on WordPress, Joomla, Drupal, etc.)
  • E-commerce Stores
  • Mobile apps
  • Desktop apps
  • SaaS apps
  • Other digital products or digital services

“What does a privacy policy do?”

A privacy policy is an agreement between you (website and/or business) and the user (or customer) on how you will handle that user’s personal data. In your privacy policy, you will include specifically what kind of data you will collect or request, how it’ll be collected, whether you share any of it with outside parties (known as third parties), and so on.

The privacy policy essentially lays out all the “whats” and “hows” that relate to a user’s personal data within your website or business.

“How do I install a privacy policy on my website?”

Adding a privacy policy to your website, business, or any other kind of application that collects personal data/information requires you to have a page on your website dedicated to your privacy policy. Remember that your privacy policy requires you to list certain information about the data you collect, what happens to it, and how your user can modify that information.

The privacy policy needs to be easily accessible: it is commonly linked in the footer of your website or made easily visible when a user is providing information to your website.

If you need help with your privacy policy, want to ensure that you are fully compliant with how you are collecting or handling personal data, or need assistance integrating your policy into your website, you can reach out to us at C2CG. We’ll be happy to answer your questions and get your website fully compliant and protected.


You’ve no doubt heard about the GDPR (General Data Protection Regulation), which focuses on protection of personal data and digital privacy in general. Although the GDPR largely applies to businesses that either a) offer products/services, and/or b) collect personal information from, the new GDPR policy applies to anyone regardless of location.

Today we’re going to break down everything you need to know about what you need in your privacy policy and how to remain GDPR compliant in your business.

Simplifying Your Privacy Policy

One of the goals of the GDPR is to simplify the language used in privacy policies so that the average user can understand exactly what is happening with the data they’re providing, without needing someone else (like a lawyer) to decipher your intent and processes with their data.

Data collection and processing procedures need to be communicated in a way that is concise, transparent, intelligible, and in clear and plain language. This has been done to avoid the dense legalese that has been commonly used prior to the GDPR.

Being Transparent In Your Privacy Policy

In addition to simplifying the communication of your processes, your privacy policy also needs to disclose more information than was required prior to the GDPR (while still being clear and concise about it).

Below is everything you need to communicate to your users through your privacy policy:

  • Personal information – the specific information you collect that relates to the user as an identified or identifiable person
  • How you collect the user’s information and why you’re collecting it
  • How you are securing and protecting the data you’re collecting
  • Information about third parties that have access to the information you’re collecting from your users
  • If you use/store cookies
  • How your user can control any part of the data collection, storage, or processing of their personal information

Other Information You Need in Your Privacy Policy to Be GDPR Compliant

In order for your privacy policy to be compliant with the GDPR, you need to provide information on the following (while also still being concise and clear for your user):

  • Who your data controller is
  • Contact information for the data controller
  • Whether you use data to make automated decisions
  • Inform users of the 8 rights they have under the GDPR (which sums up as the right to access their data, request changes, and make deletions and corrections)
  • Whether or not providing data is mandatory (and what happens if they don’t give personal data, such as not being able to create an account or receive emails)
  • Whether you transfer data internationally
  • What your legal basis for processing data is

There’s no need to feel overwhelmed about the GDPR, even if it seems daunting at first when creating your privacy policy and striving to stay GDPR compliant from start to finish. This page will help you get started with the foundation of your privacy policy and what you need to be and stay compliant with the GDPR.

If you have questions about the GDPR or want to ensure that your privacy policy is going to be compliant with the GDPR, you can reach out to us at C2CG and we’ll be happy to help.
