When you’re building a website, you want to ensure that you are creating a digital space and a brand that your readers can trust. You also want to ensure that you’re not inadvertently breaking any of the laws regarding a website’s use of personal data. The General Data Protection Regulation, a new set of rules that governs data protection and privacy on all sites active in the EU, is coming in on the 25th of May. For that reason, we need to take a closer look at creating a privacy policy for your website.
Why you need it
With the recent leaks regarding personal information of millions of users on Facebook, people are becoming much more aware of what they share online. When the GDPR comes into effect, we can assume that the news will raise that awareness further. Web users are recognising the dangers of sharing data with the wrong people online and becoming more aware of the privacy policies in place to protect them. If your site doesn’t have a privacy policy or the right security protocols, you could drive potential visitors off.
You need a privacy policy to build trust. You also need one to ensure you’re not breaking any laws. It’s already illegal for websites to ask for personal information without a privacy policy. With the GDPR coming in late May, the ways that companies and websites can gather and share information are going to be even more tightly regulated. Now is the time to ensure you have a privacy policy and that it’s up to scratch.
Third parties like Google and Apple also require privacy policies on your website. Without one, your site might not get listed on search engines at all, making it impossible to find. Alongside privacy policies, search engines and third parties also place some importance on the presence of SSL security protocols.
What your privacy policy should include
Most website owners have no intention of misusing visitor data or sharing it elsewhere. But your privacy policy is all about making that clear to both your visitors and the regulatory bodies keeping a closer eye on the web. What should your privacy policy include? It can be broken down into a few main sections:
· Introduction: Tell visitors a little bit about the website/organisation and any special conditions for collecting information (if users are under 16, for instance).
· What information is collected: Even if the forms on the site make it obvious what information you’re collecting, you should state it clearly. Bear in mind the information that your servers might collect automatically, like site usage activity and IP address.
· How information is collected: Break down the methods used to collect information. Does your site use cookies? Will the server capture some data automatically? Do you use forms to ask directly for info?
· Storage: Where and how is information stored? Who is the data being shared with to store it? For example, if you use a third-party service to send email campaigns, the data might be stored with them, and this should be disclosed in your privacy policy.
In order to make the policy as transparent as possible, you also need to include contact details so that users can get in touch if they have a query. This should include both an email address (or online form) and a real-world address.
How to make a privacy policy
Now that you understand the importance of a privacy policy and what it should entail, it is time to ensure you have one, or that the policy you have is up-to-date and compliant with current and upcoming regulation. You can do your own research and build it yourself, but iubenda is recommended for the easy and efficient generation of a privacy policy. iubenda charge just $27 a year and their privacy policy service is regularly updated by legal experts, so you can ensure that you are creating a policy as relevant to current regulation as possible. It’s always worth reading over the policy, however, to ensure that it is as accurate to your site and your means of data collection and storage as possible. Some legal expertise, whether it’s through iubenda or your own outsourced services, is highly recommended.
Remember, if you collect personal data without a privacy policy, you are breaking the law in many countries. Review your privacy policy and security now to ensure you are compliant with upcoming legislation, including GDPR in the UK.
This blog post is the opinion of the writer only and does not constitute legal advice. We recommend you contact a solicitor or speak with iubenda regarding your privacy policy.