With the GDPR having just gone into effect recently, a lot of people are asking questions about what they need to do in order to comply, whether or not they even need to comply, and what the best practices are. One component of being GDPR compliant (or compliant with other regulations) is to have a clear and concise “privacy policy.” Most website owners or businesses are uncertain on whether or not you actually need a privacy policy.

The short answer is most likely: yes, you will need a privacy policy. We’ll get into specifics below.


“How do I know if I need a privacy policy?”

The simplest answer is that if you collect any kind of information from the users of your website (or customers of your business) that is considered “personal,” then you need to have a privacy policy in place.

Any kind of information that can be used to identify an individual is considered “personal data.” Personal data can include, but is not limited to first and/or last name, email address, billing and/or shipping address, credit card information, phone number, IP addresses, and so on.

For websites, this information is commonly collected if you have an email list or use cookies on your website (which most websites and/or businesses do).

Having a privacy policy, regardless if it’s “required by law” in your situation can still be a great way to build trust with your users or customers. It’s often better to be safe than sorry with a privacy policy, but it’s also a great strategy for helping your customers feel more comfortable browsing your website or providing you with their personal data.

Below are some of the most common scenarios where a privacy policy may be required or otherwise recommended:

  • Websites
  • Blogs (e.g., on WordPress, Joomla, Drupal, etc.)
  • E-commerce Stores
  • Mobile apps
  • Desktop apps
  • SaaS apps
  • Other digital products or digital services

“What does a privacy policy do?”


A privacy policy is an agreement between you (website and/or business) and the user (or customer) on how you will handle that user’s personal data. In your privacy policy, you will include specifically what kind of data you will collect or request, how it’ll be collected, whether you share any of it with outside parties (known as third parties), and so on.

The privacy policy essentially lays out all the “whats” and “hows” that relate to a user’s personal data within your website or business.

“How do I install a privacy policy on my website?”

Adding a privacy policy to your website, business, or any other kind of application that collects personal data/information, requires you to have a page on your website dedicated to your privacy policy. Remember that your privacy policy requires you to list certain information about the data you collect, what happens to it, and how your user can modify that information.

The privacy policy needs to be easily accessible, commonly linked on the footer of your website or easily visible when a user is providing information to your website.


If you need help with your privacy policy, want to ensure that you are fully compliant with how you are collecting or handling personal data, or need assistance integrating your policy into your website, you can reach out to us at C2CG. We’ll be happy to answer your questions and get your website fully compliant and protected.