Privacy Policy Generator – Ensure Your Site is GDPR Compliant

What exactly is a Privacy Policy generator?

What is a Privacy Policy?

Are you familiar with GDPR? And CCPA?

If you’re not sure how to answer those questions then maybe this article is for you!

BEFORE you publish your first article…

BEFORE you collect subscribers…

And BEFORE you sell any products…

You need a Privacy Policy on your website.  It’s non-negotiable.

But what should you include in your Privacy Policy?  How do you write one?

TL;DR – Recommendation

If you just want to know my recommendation…

I’m suggesting you use The GDPR Framework WordPress plugin.  This is a free plugin from Data443 providing a Privacy Policy generator.

It creates a Privacy Policy structure using both:

1. Customized data you enter during setup
2. Placeholders for information you research and update manually

Check out the video tutorial I’ve created below.  I walk through the process from plugin installation to policy creation.

Explanation of terms

GDPR – General Data Privacy Regulation 

CCPA – California Consumer Privacy Act

I will not attempt to describe or explain in any detail what GDPR or CCPA require.  These are complex regulations.  There is also significant information available regarding both of these.

But at a high-level, they’re all about the customer’s rights over the use of their personal information online.

Data

1. Personal data – anything that identifies an individual.  This includes name, email address, birthday, credit card, IP address, cookies, etc.
2. Non-personal data – information not specific to a particular person.  Examples: pages visited on your website, web browsers used, devices used, etc.
3. Processing data – usage of data.  Activities like: sending email, comments on your posts, subscriptions to your newsletters, payment information for products, etc.

Privacy Policy

1. Required for any business which processes personal data.  If you have an online presence and you interact with your audience via email, then you process data!
2. Explains how you use personal data
3. Exists to protect your customers/audience/followers/users

Terms and Conditions (Terms of Service)

1. Outlines expectations of both the business and the customers (audience/followers/users)
2. Exists to protect your business

Disclaimer/Disclosure

1. Describes specific types of liabilities, exclusions, and warnings
2. Exists to protect your business

Below is a perfect example of a disclaimer.  And not just an example, it’s a legitimate disclaimer!

DISCLAIMER:

WOWIT Enterprises Inc. provides this article for informational purposes only.  While all attempts have been made to ensure the accuracy of the information within this article, neither the author nor the publisher assumes responsibility for errors, omissions, or contrary interpretations.  The information contained herein is offered without warranty, either expressed or implied.  This does not provide, nor constitute, any financial, legal, or medical services or advice.

How to use a Privacy Policy generator

If this is your first online business then you’re probably feeling overwhelmed.  There is just so much to learn.

That’s one of the reasons why I recommend using The GDPR Framework WordPress plugin.  It’s a Privacy Policy generator that gives you the structure you need. 

NOTE: I’m not an affiliate.  I just really like the product and use it myself.

The wizard prompts you through the setup process.  Then the Privacy Policy is created based on your input.

It also includes a DSAR – Data Subject Access Request.  This allows your customer access to their data without your manual intervention.

I’ve outlined the process in a video tutorial for you.  Starting with the plugin installation, using the wizard, through to the Privacy Policy creation.

What you’ll need ready before you start

1. Data Protection Email address – this is the email address (preferably already created) you will specify be used for your site as a point of contact in the Privacy Policy.  You’ll need to specify this email during the plugin setup.
2. Company details – your company’s legal name and country of registration
3. Data Protection Authority information – research your jurisdiction to identify this regulatory body.  You’ll need their website URL, a contact email address, and their phone number. 

Perhaps you’re interested in CCPA compliance instead of GDPR.  Data443 also has a plugin for that: The CCPA Framework plugin.

Personally, I recommend using the GDPR plugin and then adding any other elements to the Privacy Policy manually.

NOTE: Using the Privacy Policy generator does not mean you are compliant.

The framework gives you the structure and a solid starting point.  You still need to perform due diligence.  Which could include obtaining your own legal advice.

Why do you need a Privacy Policy?

Legality

Privacy compliance is based on the jurisdiction where the customer resides.  NOT where you’ve registered your business.

As your business is online, it’s quite likely you’ll have customers from around the world.  In fact, you’re probably hoping you do!  

And most jurisdictions legally require a Privacy Policy for an online business that processes personal data.

Third Party Companies

You will be involved with many other companies in support of your business.  Companies like website hosting providers, domain providers, email service providers, Google Analytics, advertising networks, affiliate programs, etc.

Most of these companies require you to comply with privacy laws as a condition of service.  And that means they’ll want to review your Privacy Policy.

No Privacy Policy?  No service. 😢 

Reassurance

A big part of building your online brand is earning the trust of your audience.  A great way to demonstrate your trustworthiness is to show your customers you respect their privacy.

What to include in your Privacy Policy

So what, exactly, needs to be included in a Privacy Policy?  Even though I recommend you use the Privacy Policy generator through the plugin, you WILL need to confirm the output.

Who are you 

The first section is fairly straight forward.  You need to identify yourself and how you can be reached.

List your actual business name as this might be different from your website name.  And list at least one method for contact. 

Most people provide an email address.  But you’re welcome to add other methods.

What information do you collect

This is where the “fun” begins.  It can be difficult to understand and describe the information you collect.  Here’s what you need to consider:

1. Information you request – things like email addresses, data through contact forms, etc.
2. Automatic data collection – data through website usage.  Things like browser type, operating system, device, etc.  And don’t forget cookies – this could be an entire book alone!
3. Partners/Advertising – any specific data collected by your partners or your advertising network

Why do you collect information

You need to let your audience know why you collect information.  In some instances, this is very obvious.  For example, you collect email addresses in a contact form so that you can respond to their messages.

But don’t forget tracking and statistics.  You want to improve your website and serve your customers better.  So you track how your site is used.

How is information shared

It’s critical you are honest and direct about how customer information is shared.  You want to ensure you’re sharing only the information necessary for your business to function well.

And you should include references to the Privacy Policy information of your partners too!

How is the information secured

Reassure your customers that their information is secure.  This is a great place to highlight your security certification.

When you registered with your hosting provider you should have obtained the SSL certificate.  This is what provides you with the “https” designation for your site.  As opposed to just “http” which is not secured.

These days, most people look for this designation as a sign of security.

How does the user access their information

One of the key features of many privacy laws is the ability to access your data.  To see what data is being collected, confirm whether it is accurate, have it updated if necessary, or even have it deleted.  

You’ll want to confirm you provide this access.  And outline how they have access and the scope.  They can view, modify, and even have their data erased through the Privacy Tools page (generated with the plugin).

Ready for business with your Privacy Policy in place

You’ve covered a lot of information in this article:

1. Considered the scope of GDPR and CCPA
2. Clarified different types of data and the definition of “processing data”
3. Reviewed the differences between Privacy Policy, Terms and Conditions (Terms of Service), and Disclaimers/Disclosures
4. Learned about DSAR (Data Subject Access Request)
5. Evaluated the elements of a Privacy Policy

And, of course, the key feature – the video tutorial.  Where you’ve seen how to use the Privacy Policy generator through The GDPR Framework plugin.

You’re all set to apply your own Privacy Policy!

Like This Post?  Put a Pin On It!

Did you find this article useful and helpful?

Share this WOWIT post on social media!

Have some suggestions of your own?

Click the Submit Comment button below to let us know!

Want More?

Would you like to learn more about this topic? Or perhaps explore some other topics? Choose from one of the categories below to see more:

Subscribe to our newsletter to have information delivered right to your inbox.