The GDPR places a fundamental principle at its core: people have the right to control their personal data. As a company that handles personal data, you have a responsibility to disclose what you do with it. This is where a Privacy Policy becomes essential.
Note: Please keep in mind that this article is here to provide information and is not a replacement for legal advice. We strongly recommend reaching out to a legal expert before you publish your Privacy Policy on your website. Your legal advisor will help ensure that your Privacy Policy aligns perfectly with the law.
What is personal data?
Personal data, according to the GDPR, includes any information that can identify an individual. The range is vast, including but not limited to:
- Email addresses
- First and last names
- Locations (city, town, and country)
- Shipping or billing addresses
- Social security numbers
Even seemingly anonymous data can fall under this umbrella if it can be linked to other data to identify an individual.
Personal data isn't confined to just the basics; it extends to the digital realm. From IP addresses to cookie data, a wide array of information can be classified as personal data. What's more, your website may handle personal data even from individuals who've never directly contacted your company. That's why your Privacy Policy must leave no room for ambiguity about the types of personal data you process and why you need it.
Why do I need a GDPR-compliant Privacy Policy?
Your company might have already drafted a Privacy Policy to adhere to various national laws like the following:
- the California Online Privacy Protection Act (CalOPPA)
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australia's Privacy Act
- the United Kingdom's Data Protection Act 1998 (DPA)
- the EU's Data Protection Directive
- Singapore's Personal Data Protection Act 2012 (PDPA)
However, the GDPR is in a league of its own, setting forth requirements that surpass those of the aforementioned laws. Even if your existing Privacy Policy complies with these laws, it might not meet the rigorous GDPR standards.
Is a Privacy Policy mandatory?
Under the GDPR, the Privacy Policy (also referred to as a Privacy Statement or Privacy Notice) is a cornerstone of your company's compliance. In fact, it's not only obligatory under the GDPR but also mandated by numerous other national laws. The advantages of having a GDPR-compliant Privacy Policy are manifold:
- You demonstrate your commitment to safeguarding your customers' personal data.
- Your customers gain clarity about the extent of personal data your company manages.
- You validate the legality of your data protection practices.
One key point to remember is that the Privacy Policy should cater to anyone whose personal data you might process, including visitors to your website.
Tips for creating a Privacy Policy
Important: This article does not offer legal advice and is for your information only. Make sure to seek legal advice before publishing your Privacy Policy on your website.
Here are some pointers to get you started:
- Begin your Privacy Policy with a brief introduction to your company and the purpose of the policy.
- Clearly state the effective date of the Privacy Policy.
- Include your company's legal name and business address.
- Provide contact details for your Data Protection Officer (DPO).
Note: GDPR requires you to write your Privacy Policy in a clear human voice and avoid legal jargon at all costs. You may find more requirements from the European Union in the document attached to this article. A sample Privacy Policy can guide you in the right direction.
How to display your Privacy Policy on your Sitebuilder-based site
The most important places to prompt visitors to review your Privacy Policy are any form where you collect visitors' names and email addresses, and your footer.
Here's how to add a link to your Privacy Policy page in your Form block:
- Create the Privacy Policy page in Sitebuilder. The process is similar to creating a Cookie Policy page.
- Add the Forms block to the desired location on your canvas, click the form itself, and tick the Display GDPR consent field checkbox in its Form settings > Advanced tab.
- Click the Privacy Policy link in the consent field and click its Link icon.
- Set Open a page as a click action in the Link settings and choose your Privacy Policy page from the dropdown list below.
- Click Submit and publish your site to make the changes live.
You’ve added your GDPR-compliant Privacy Policy to your forms.
Here’s how to display your Privacy Policy in your footer:
- Navigate to your footer block and click the footer navigation to open the List settings. (If you don’t have navigation enabled in the footer, go to the Block settings and tick the Footer navigation option.)
- Click the blue Plus (+) button to add the new item.
- Choose Open a page for the click action and choose your Privacy Policy page from the dropdown list below.
- Type the navigation item name into the Title field and click Submit in this and the next window to add your Privacy Policy link to the footer navigation.
You can also merge your Privacy Policy with your Terms and Conditions agreement on your site. See the example in our dedicated article, Creating GDPR-compliant Terms and Conditions (with a sample).