What's a Privacy Policy and Why Am I Legally Required to Have It?

Updated: Nov 29, 2019


This post contains affiliate links which means I could receive a small commission if you purchase a product through these links.

Today, we're talking alllll about Privacy Policies and why your website legally has to have one.

I'll also be sharing a few tips and recommendations on other policies you should have on your site, depending on what industry you're in.

And of course, I will provide you with some resources so you can get these policies on your website asap.


Before we begin...I do need to state that I am not a lawyer and nothing in this post should be construed as legal advice. Legal requirements for these policies vary by country, state, and city and you're responsible for knowing which laws pertain to your online business. As always, if you're unsure about any of this - please consult with a licensed attorney.


What is a Privacy Policy?

A Privacy Policy is a "document" (a page on your website) that explains how you handle visitor and customer information: what you collect, how you collect it, what you use it for, and who you share it with.

The information you gather can be anything from email addresses, credit card details, and IP addresses to demographic data and web browsing habits (tracked through cookies).

So if you have a way for visitors to sign up for your email list, you're processing store orders, or you even have Google Analytics or a Facebook Pixel linked to your website - you are collecting personal information.

The Privacy Policy covers how you collect the personal information, how you store it and keep it secure, and what it's used for.

Why Do I Need a Privacy Policy?

Well, for one, it's legally required. In the United States there isn't one single federal law governing this. Instead there are multiple laws that can apply to your online business, for example CalOPPA (the California Online Privacy Protection Act), which requires any commercial website collecting personal information from California residents to post a privacy policy, and COPPA, which adds requirements if you collect data from children under 13. Your Privacy Policy should address every law that applies to you.

If you're doing business with anyone from another country, especially the EU, you'll also want to make sure you are complying with the GDPR.

Basically, a Privacy Policy covers your butt legally. It lets people know in a very clear manner how you're collecting their information and how you're storing (and using) that data and keeping it secure. People want to know you're not going to sell their email to another company or steal their credit card or social security information.

What is the GDPR?

The GDPR went into effect on May 25, 2018. GDPR is short for the General Data Protection Regulation, the EU's data protection law. I won't go into this in huge depth, but the basics are that if you are doing business with, or even just collecting data (email, IP, etc.) from, people in the EU, the GDPR applies to you no matter where your business is located. Among other things, it requires you to tell those people clearly what data you collect, why, and what rights they have over it. This can be covered in a GDPR section of your Privacy Policy.

It is also recommended you add a double opt-in process for email subscribers that are in the EU. I use Convertkit, which automatically knows based on a person's IP if they're located in the EU. So it will only give the double opt-in to them. Many email service providers, including Mailchimp, offer a GDPR feature. They all work a little differently, so do some digging on the platform you use.

If you want to read more into the governing laws for each country and more on the GDPR check out this article from PrivacyPolicies.com