Do I need a privacy policy on my website

Website Privacy Policy

Today, we’ll be looking at privacy policies and the latest business requirements when using and storing customer data.

With GDPR fines increasing by 40% during 2020-2021, understanding your compliance requirements is more critical than ever.

Let’s dive in.

  1. Why do I need a privacy policy on my website?
  2. What are the key components of a privacy policy?
  3. What is the best way to create and maintain a privacy policy?
  4. Next Steps

Do I need a privacy policy on my website?

If you have found yourself asking, “Do I need a privacy policy on my site?” the answer is a definite yes.

Regardless of your location, if you operate online, you are likely covered by at least one set of compliance requirements.

The most well known include:

  • Europe – EU General Data Protection Regulation (GDPR)
  • USA – California Consumer Privacy Act (CCPA)
  • Brazil – General Data Protection Law (LGPD)
  • Canada – Consumer Privacy Protection Act (CPPA)

If you have customers across multiple locations, you must follow the specific data privacy laws that protect each geographical group.

These laws apply across your marketing assets, including online chat, lead magnets, analytics and online advertising platforms like Google, Facebook and LinkedIn.

What is a privacy policy?

Privacy policies are legal documents that let your customers know what data you are collecting from them and how you plan to store and share their personal information.

Typically you will outline how long you plan to retain their information and the security measures you have in place. The exact details will depend on the regional requirements covering your customer locations.

Personal information can be anything that can be used to identify someone, like name, address or credit card.

More and more online consumers are paying attention to privacy policies as cyber-attacks become more commonplace. 87% of respondents surveyed by McKinsey stated that they wouldn’t do business with an organization if they had concerns about its security practices.

One last point. Many businesses think their hosts’ privacy policy covers their websites; however, this is not the case. For example, if you run an e-commerce site on Shopify, you still need to create a privacy policy for your business.

Without one, you could be subject to fines for noncompliance.

What are the key components of a privacy policy?

Privacy policies can vary in length and detail, but they are generally expected to include several key elements:

  • Introduction: An overview of your organization and any subsidiaries and an outline of the scope of the policy.
  • Information collected overview: A listing of the data collected, such as personal information like names, email addresses, and other contact information.
  • Methods of data collection: A description of how your organization collects the above information, such as when customers register for services or complete surveys, or through the use of cookies as they browse the site.
  • Information usage and storage: Defines how your organization uses and stores the collected information in accordance with privacy and security regulations. This can also include elements of the visitor’s data rights and how to view and update their preferences.
  • Contact details: How to contact the organization with questions or requests for the data held about a customer, or how to exercise one of their other data protection rights.

What is the best way to create and maintain a privacy policy?

Organizations that do need a privacy policy on their website have several options when it comes to creating and maintaining one. However, given the dynamic nature of privacy laws and compliance regulations, some offer more protection and peace of mind than others.

Your options include:

Do it yourself using a template.

It can be tempting to use a free or purchased template or even to copy an existing policy. However, this approach comes with the possibility of missing or misinterpreting key information and putting your business at risk of noncompliance. 

This approach also requires your team to monitor relevant privacy requirements for changes that may affect your privacy policy and to update it accordingly.

Hire a lawyer.

This approach provides your organization with a privacy policy that covers the relevant laws, but it is a static solution that will require additional costs and time to update the policy as regulations or your business evolve. You may also find that you require legal services in more than one jurisdiction.

Partner with a data privacy compliance expert.

A third option, which overcomes the downsides of the other two, is to partner with an organization that provides a dynamic solution, one that constantly and automatically updates your privacy policy as legislation evolves and as your customer locations and business needs change.

At Dataships we partner with companies to fully automate their compliance requirements. Our system takes care of customer data requirements from first touch to last – no matter where they are in the world. 

Our team of experts is on hand to talk through your current compliance strategy and your options if you’d like to set up a quick call.

Summing up

Creating a privacy policy is more than just another box to check; it is a critical signal to your customers that you take their privacy and data security seriously. It is also a requirement to operate in many countries.

Online consumers are also paying more attention to how businesses use and store their data. So effectively outlining your privacy policy is only set to become more important when growing a business online.

Want to learn more about how to ensure your organization is using data for marketing purposes correctly and effectively? Download our “Direct Marketing Checklist.”
