Does My Website Need a Privacy Policy?

You may have seen businesses in England with privacy policies on their websites. Since the General Data Protection Regulations (GDPR) were introduced to the European Union in 2018, business owners now have greater responsibilities to protect the data they accumulate as part of their business operations. Therefore, more and more corporations display privacy policies on their web pages, which helps them abide by the regulations set out in the new data protection laws. As a business owner, to ensure you comply with GDPR, you will need a privacy policy on your website to explain what you are doing with the information you gather from members of the public. This article will explain privacy policies, whether your business’ website needs a privacy policy, and what you need to include. 

Privacy Policies 

A privacy policy is a written statement that outlines how your business intends to use, handle and store the personal information you collect from members of the public. Personal information is any information that someone can use to identify a member of the public. Personal data can include: 

  • names; 
  • contact details, including phone numbers and email addresses;
  • bank details; and
  • certain information relating to your location.  

Privacy notices are a legal requirement under the General Data Protection Regulations (GDPR) introduced to English Law in 2018. 

GDPR 

The General Data Protection Regulations (GDPR) impose more stringent rules on businesses operating within the European Union on the collection, storage and processing of personal data belonging to EU citizens. 

The GDPR places greater responsibilities on businesses to prevent data breaches while imposing hefty fines on companies not complying with the legislation. The regulations give the following rights to members of the public, which can impose restrictions on your usage of personal data. These include:

  • the right to be informed about how you use their personal data;
  • the right of access to that data;
  • the right to correct that data;
  • the right to be forgotten and erase that data; 
  • the right to have their data safely stored; and 
  • the right for their data to be kept for no longer than needed. 

In the context of privacy notices, to become GDPR compliant, the law mandates that all businesses and data controllers are open and transparent with how they use the personal information they collect from clients and customers. 

Therefore, businesses operating in the European Union must legally have a privacy policy.


What to Include in Your Privacy Policy

Businesses have always used privacy policies to inform customers how they use and store their personal data. However, the GDPR means companies must include more detailed disclosures in their privacy policies. 

Your privacy policy must state the following:

  • the purpose for which you are collecting and processing a person’s data;
  • the legal basis for why you are holding data, for example, via consent or for the performance of a contract; 
  • how long you are going to keep that information for; 
  • a person’s rights to request access or deletion of that data; and
  • the right to complain to the Information Commissioner’s Office if someone thinks you are wrongfully using that information. 

For example, your business may conduct data collection activities for marketing purposes. This means you may collect email addresses and distribute marketing materials to those email addresses to help your business get more sales.

Other businesses may use tracking technologies to monitor what pages within a website members of the public have clicked on. Using that data, they will use interest-based advertising techniques to market new and similar products to those persons. 

It is also a requirement for businesses performing data collection activities to declare where they store personal information. They must also state whether they store it outside the European Economic Area.

Lastly, your business must never forget to include its name and contact information in a privacy notice. That must include a phone number, email address and business address to contact in an emergency. 

Where to Display Privacy Notices 

You should display privacy notices on your website in an easily accessible location. Most companies place a link to their privacy notice in the footer of their web page. 

You must ensure that your privacy notices are easy to read on various web browsers and clearly identify your intentions to use and handle a customer’s data. 

Key Takeaways

The General Data Protection Regulations advise businesses to be clear to the general public about what data they are collecting from them, the purpose of their data collection operations and how they are legally allowed to collect that information. To become GDPR compliant, businesses operating in the European Union must display privacy notices on their websites to disclose to their customers that they are safely and securely handling their personal data. Privacy notices must, by law, state specific information. It is, therefore, advisable to get a lawyer’s advice if you need assistance drafting a privacy notice.

Frequently Asked Questions

Can I write my own privacy policy?

You can write your own privacy policy, but it is advisable to seek legal advice to help you ensure your privacy policy adheres to the applicable data protection laws.

Do I need a privacy policy in England?

Yes, under the General Data Protection Regulations, all businesses operating data collection and processing operations inside the European Union must present a privacy policy stating how they handle personal data on their website. 

Edward Carruthers