Privacy Policies: Is Your Business at Risk?

privacy policy

What You Need to Know About Privacy Policies

Across the globe, regulations exist that require companies of all kinds to state privacy policies. This is in order to protect their citizens. The most recent of these regulations is the EU General Data Protection Regulation (GDPR). This took effect in May of 2018. As a result, it affects any business that collects personal information from any European citizen. Similarly, regulations in other countries state a few of the same rules. Due to the global nature of the Internet, you MUST have a privacy policy. It must be stated on your website if you collect any personal information from website visitors. Additionally, many third-party services require you to state a privacy policy before using their services.

Who Needs a Privacy Policy?

All companies that collect any sort of personal data from users. There are many types of data collection that qualify. Here are a few examples:

  • Do you have a “contact us” form on your website that requires users to enter their email addresses and/or names?
  • Have you utilize website analytics?
  • Are you running any online ad campaigns?
  • Have you developed any apps for users? (Includes iOS, Android, Windows, Facebook, etc…)
  • Does your business utilize Amazon?
  • Does your website collect/store cookies?

What Information Qualifies?

Any information that can be used alone or in conjunction with other information to identify a person. This includes:

  • Email
  • Name
  • Location (city, country, etc)
  • Address
  • Social security number
  • And more

What Third Parties Require Privacy Policies?

Many third parties require privacy policies. Before you sign up with a new service, make sure to comb the fine print. Therefore, you’ll find out what type of privacy policy is required. Some common third parties are listed below:

  • iOS app store
  • Android app store
  • Windows app store
  • Google Analytics
  • Facebook (apps and ad campaigns)
  • Amazon
  • Many others

What Must Be Stated in a Privacy Policy?

Privacy policies can vary from business to business. That being said, what you must state on your website depends largely on your individual company. Make sure to talk to a legal professional to cover all your bases. Here are some general guidelines that apply to most privacy policies:

  • What kind of data do you collect from users and how?
  • How do you use the data you collect?
  • How do you protect the data collected?
  • Do you share this data with anyone else? What do you share and with whom?
  • Can users access and/or control their personal data? If so, how? It’s a good idea to outline a way for customers to access the data you’ve collected from them. It doesn’t hurt to include a way for users to opt-out.
  • The policy must be straightforward, easily understandable, as well as readily accessible to website users. This means no “leagalese”. There is no fine print, and no hiding the policy in the depths of your website.

Overall, a privacy policy is essential for protecting your business. Additionally, it lets your customers know what you’re doing with their information. Without a clearly-stated privacy policy, your business could face serious reparations. This could be from multiple authorities. For example, the FTC, the European Union, and many others.


  1. “Privacy Policies are Mandatory by Law.” TermsFeed, 25 Feb. 2018, Accessed 5 July 2018.
  2. Osterberg, Lars. “You Need a Privacy Policy in 2018: Here’s How to Start.” HubSpot, 29 Mar. 2018, Accessed 5 July 2018.
  3. Brandom, Russell. “Everything you need to know about GDPR.” The Verge, 25 May 2018, Accessed 5 July 2018.


More Posts