GDPR. A deep dive into delivering privacy policy

A privacy policy is a statement of how the website operator collects, stores, protects and utilizes its users’ personal data.

 

Much of the consumer data is gathered automatically with the delivery of cookies, yet there are other, more obvious tools, including sign-up forms, newsletter subscriptions, new account registrations, and more.

 

Every user has a right to their privacy and to understand how businesses will use their information. It’s also their right to retract their decisions at any point navigating your website.

A privacy policy outlines all the elements required to comply with the latest data privacy laws.

 

GDPR. How do I add a privacy policy to my website?

Many modern website systems feature automated placements, implementing the legal policies to your website framework, yet others will rely on you to create your pages and insert them manually.

 

There are plenty of templates and online generators that will show you how to make a privacy policy for your website, delivering a document specific to your operations on completion.

 

If you’re unsure of exactly what you need, how to create a privacy policy specific to your business, or where to host it, the following information should steer you in the right direction. If you’d like a more personal touch or specific answers to how our system can help you develop and manage your company privacy policy, we’d love to help.

 

GDPR. Organizing cookie and privacy policies

How to add a cookie policy to a website is a very similar process. In some cases, a single directory will contain both policies and the links to each feature in most of the same places.

 

Why do websites show cookie policy separate to privacy policy? Well, with websites legally having to gain consent for their site cookies before they deliver them and activate the functions they control, they have grown into a considerable area of data privacy.

 

There’s a lot to cover, so it makes sense for providers to create separate policies for cookie use and delivery, and that of general data processing through other means, such as contact forms and mailing lists.

 

How to write a company privacy policy

According to GDPR, privacy policies must be:

  • Concise, transparent, intelligible, and easily accessible
  • Written in clear and plain language
  • Delivered in a timely manner
  • Provided free of charge

 

To collect information directly from an individual, a privacy policy must include:

  • The identity and contact information of the organization, representative, and Data Protection Officer
  • The purpose of the organization to gather and process personal data and its legal basis
  • Legitimate interests of the organization or third parties
  • Recipients or categories of recipients of the data
  • Details of data transfer to a third country and its safeguarding
  • The data retention period or criteria used to determine the retention period
  • The data subject’s rights
  • Right to withdraw at any time
  • Right to lodge a complaint
  • Whether the personal data is provided as part of a statutory or contractual requirement or obligation
  • The inclusion of a profiling and automated decision-making system, how it was set up, its significance, and consequences

 

The most typical elements you’ll see covered by standard privacy policies, therefore, are as follows. However, depending on the data you gather, and how you use it, there are often areas unique to specific business practices that aren’t covered below.

  • The data collected
  • How the data is collected
  • How the data is used
  • Where the data is stored
  • Using the data for marketing
  • Data protection rights
  • What are cookies
  • How the cookies are used
  • The types of cookies used
  • Managing cookies
  • Privacy policies of other websites
  • Changing the privacy policy
  • Contact details
  • Contacting appropriate authorities

 

GDPR. Privacy policy best practices

Your users need to understand exactly what’s good and bad practice, and the wrong and right ways of delivering information.

 

Be direct, instructional, and informative, leaving no room for doubt. Qualifiers such as may, might, some, and often should be replaced with will, won’t, must, mustn’t, all, none, always, and never.

 

If you plan to use the data for research or develop new services, you must be clear when describing the type of research and what each new service is intended to provide.

 

You should write in clear, easy to understand English (or the native language for the website). Using legal or technical jargon is frowned upon, as your users won’t necessarily be specialists in your industry.

 

Always aim to write in the active tense using well-structured sentences and paragraphs.

 

Clear and defined headings make documents easier to navigate, while bullet lists deliver easier to digest information than large text blocks.

 

How to add a privacy policy to your website or app

The following suggestions outline the essential placements for links to your policy page. Ideally, you should try to provide access from every page of your website or app, as your policy needs to be easily accessible to visitors at all times. This promotes transparency and inspires trust. Not only that, more often than not, it’s a legal requirement.

 

In footer links: Traditionally, most privacy policy links will be found in the footer menu, appearing on every page the site. They could even sit with the legal details on the copyright line. This provides the instant access your visitors need, wherever they are within the site.

On sign-up forms: Another good practice is including the link to your privacy policy in the small print at the bottom of sign-up forms. This assures new subscribers that you’re acting according to appropriate laws and practices.

 

Checkout pages: Given the additional personal data collected from a consumer during a sale, many vendors will include their privacy policy at some point in the process. A privacy policy link will often appear alongside terms of service, cancellation, refund, and shipping policies.

 

Cookie consent banners: Cookie consent banners and pop-ups are now standard components on all websites, allowing the website operators to deliver the functionality they intend for their visitors and deliver the information they legally need.

 

Sign-in pages: Signing in or signing up to new services requires your personal data. Including a privacy policy link on these pages is another a healthy reminder of your users’ rights.

 

About menus: Where a website has a dropdown menu containing all of the company history and legislation information, this is another appropriate location for your privacy policy link.

 

How often should a privacy policy be updated?

The way we do business during the modern climate changes from one day to the next, and the way we expect our websites to keep up has become part of everyday life. If any of the systems we add, develop, instigate or amend, affect the way we gather or use our customer or subscriber data, then it must be reflected in the company policy.

 

Reviewing a privacy policy should be a regular practice, and wherever change is required, you must update your policy immediately. If you fail to keep it up to date, you could be in danger of breaking the terms you’re legally required to uphold.

 

Updating users and subscribers

You may be legally required to notify your users of updates. Even where that does not apply to your business, it’s still good practice and should be part of your process.

 

The primary overseers of data protection and privacy all require updates and notifications, each of which will leave organizations open to penalties if they fail to follow legislation.

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • California Online Privacy Protection Act (CalOPPA)

It’s also an opportunity to engage with customers, clients, and subscribers with any additional messages you may want to share with them.

 

Email notifications, pop-ups, and site banner delivery

You can notify users and subscribers in a few different ways. Your website’s cookie consent generally operates as a banner or pop-up message, so another inclusion asking your visitors to review your policy could be the simplest way of highlighting them to it. In other schools of thought, it’s just one more task for your visitors to wade through before they can finally access the content they want to read.

 

Alternatively, you could fire out an email to all subscribers and customers, or add a blog or news page with the latest news. A link featured prominently on your homepage is enough to promote updates—that way it won’t interfere with your visitor’s ability to navigate freely through to the required content.

 

Wrapping things up…

With regulations for data protection and compliance playing such a vital role in today’s websites, isn’t it time that you handed over the hard work to a system that’s quick and easy to deploy and simple to use?

 

PrivacyRun delivers the efficient and cost-effective solution every business needs to manage its website users’ personal data.

 

Our solutions are compliant with CCPA and GDPR, helping users worldwide to stay within the limits of the law, avoiding penalties and hefty fines.

 

If you’d like to know more about how PrivacyRun works and the vital benefits it can deliver to your business, we’d love a chance to tell you all about it. Why not give one of our team a call today, or drop us an email and we’ll get back to you at an appropriate break in your schedule.

About us

What is PrivacyRun?

Here at PrivacyRun we built our solution with you in mind. Our data privacy platform supports your company’s compliance with local data privacy laws like GDPR and CCPA. We enable you to monitor where and how data is handled, track employee training and keep you up to date on privacy requests – helping you navigate the complex world of privacy compliance from one place.

Let’s talk about your project

    Let's talk*

    yarrl is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. If you consent to us contacting you and storing your personal data for this purpose, please tick the checkbox below:

    For more information about our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.