Does My Website Need a Privacy Policy?

You may have seen businesses in England with privacy policies on their websites. Since the General Data Protection Regulations (GDPR) were introduced to the European Union in 2018, business owners now have greater responsibilities to protect the data they accumulate as part of their business operations. Therefore, more and more corporations display privacy policies on their web pages, which helps them abide by the regulations set out in the new data protection laws. As a business owner, to ensure you comply with GDPR, you will need a privacy policy on your website to explain what you are doing with the information you gather from members of the public. This article will explain privacy policies, whether your business’ website needs a privacy policy, and what you need to include. 

Privacy Policies 

A privacy policy is a written statement that outlines how your business intends to use, handle and store the personal information you collect from members of the public. Personal information is any information that someone can use to identify a member of the public. Personal data can include: 

• names; 
• contact details, including phone numbers and email addresses;
• bank details; and
• certain information relating to your location.  

Privacy notices are a legal requirement under the General Data Protection Regulations (GDPR) introduced to English Law in 2018. 

GDPR 

The General Data Protection Regulations (GDPR) impose more stringent rules on businesses operating within the European Union on the collection, storage and processing of personal data belonging to EU citizens. 

The GDPR places greater responsibilities on businesses to prevent data breaches while imposing hefty fines on companies not complying with the legislation. The regulations give the following rights to members of the public, which can impose restrictions on your usage of personal data. These include:

• the right to be informed about how you use their personal data;
• the right of access to that data;
• the right due to correct that data;
• the right to be forgotten and erase that data; 
• the right to have their data safely stored; and 
• the right for their data to be kept for no longer than needed. 

In the context of privacy notices, to become GDPR compliant, the law mandates that all businesses and data controllers are open and transparent with how they use the personal information they collect from clients and customers. 

Therefore, businesses operating in the European Union must legally have a privacy policy.

Startup Manual

LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.

Download Now

What to Include in Your Privacy Policy

Businesses have always used privacy policies to inform customers how they use and store their personal data. However, the GDPR means companies must include more detailed disclosures in their privacy policies. 

Your privacy policy must state the following:

• the purpose of why you are collecting and processing a person’s data;
• the legal basis for why you are holding data, for example, via consent or for the performance of a contract; 
• how long you are going to keep that information for; 
• a person’s rights to request access or deletion of that data; and
• the right to complain to the Information Commissioner’s Office if someone thinks you are wrongfully using that information. 

For example, your business may conduct data collection activities for marketing purposes. This means you may collect email addresses and distribute marketing materials to those email addresses to help them get more sales.

Other businesses may use tracking technologies to monitor what pages within a website members of the public have clicked on. Using that data, they will use interest-based advertising techniques to market new and similar products to those persons. 

It is also a requirement for businesses performing data collection activities to declare where they store personal information. They must also state whether they store it outside the European Economic Area.

Lastly, your business must never forget to include its name and contact information in a privacy notice. That must include a phone number, email address and business address to contact in an emergency. 

Where to Display Privacy Notices 

You should display privacy notices on your website in an easily accessible location. Most companies place a link to their privacy notice in the footer of their web page. 

You must ensure that your privacy notices are easy to read on various web browsers and clearly identify your intentions to use and handle a customer’s data. 

Key Takeaways

The General Data Protection Regulations advise businesses to be clear to the general public about what data they are collecting from them, the purpose of their data collection operations and how they are legally allowed to collect that information. To become GDPR compliant, businesses operating in the European Union must display privacy notices on their websites to disclose to their customers that they are safely and securely handling their personal data. Privacy notices must, by law, state-specific information. It is, therefore. advisable to get a lawyer’s advice advisable e if you need assistance drafting a privacy notice.

 If you need help ensuring your business is GDPR compliant, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions