
Do I need a privacy policy? It’s one of the most asked questions in data privacy forums around the world. While it’s more than likely that yes, you will need a privacy policy, there are rare instances where you might not. Below are some FAQs to help you understand the importance of a privacy policy, and whether you need one or not.

What is a privacy policy?

A privacy policy is a written statement on how your business collects, uses and secures information about visitors to your website. No two policies are the same, just as no two businesses are the same. Each must be customized according to the way a business operates and handles data, and to the customers it interacts with.

Why is a privacy policy important?

A privacy policy is designed to hold businesses accountable and ensure they act in the best interests of their customers.

In the wake of numerous data breach and abuse scandals involving the likes of Facebook, Uber, and other companies that handle some of the most sensitive details about us, both regulators and consumers have grown increasingly concerned with how personal data is used and protected online.

The demand for greater data transparency, security and user consent has given rise to tougher legislation such as the EU General Data Protection Regulation (GDPR).

While customer data is one of the most valuable assets a business can have, laws like the GDPR provide users with greater control and protection of their privacy.

Do all websites need a privacy policy?

No, only websites that collect personal data are required to have a privacy policy.

However, if you do collect personal data, even if you didn’t know you were, having a privacy policy is a legal requirement in most countries.

Without one, as a worst-case scenario, your business could get hit with a hefty fine and your website taken down, especially if you’re found to be in breach of local privacy laws.

Third party services may be collecting personal data on your website. You’re still responsible for this.

Besides the fact that your business may be subject to wide-reaching data privacy and protection laws such as the General Data Protection Regulation (GDPR), you could be collecting data about your users without even realizing it.

For example, all websites collect log data by default, which consists of information such as a visitor’s IP address. Under the GDPR, this is considered personal data as it can be used in combination with other data to personally identify someone.

A plugin or API might also be collecting personal data through your website. If so, you’ll need a privacy policy. If you’re unsure, read the privacy policy of each and every plugin and API your website uses … or just to be safe, create a privacy policy and sleep better for it.

It takes less than 2 minutes with our Privacy Policy Generator, or you can use our Privacy Policy Template to create your own.

Third party services may require you to have a privacy policy to use their platform.

Some content services and third-party platforms may request a privacy policy before they agree to work with you. Instagram, for example, asks for a link to your privacy policy when you request full access for your app. And some digital marketplaces, such as Google Play and the App Store, require a privacy policy for any app that handles personal or sensitive user data.

If you have an offline “side hustle” or a business that isn’t presented on a website or app, you may be wondering whether you still need a privacy policy.

The short answer is: possibly.

Even handmade jewelry stores or home-based hairdressing businesses may still need a privacy policy, but this depends on how your business operates and which data privacy laws apply to you.

Most existing legislation explicitly targets businesses that have a website. For example, the California Online Privacy Protection Act (CalOPPA) was the first law in the US to require businesses to feature a privacy policy on their website.

Other regulations, however, such as the General Data Protection Regulation (GDPR), don’t focus exclusively on online businesses. The GDPR states that the laws apply to “the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”

Similarly, the Australian Privacy Act (1988) applies to certain businesses and government agencies that handle personal information about consumers.

Under these laws, the method of collection doesn’t really matter. As long as you’re collecting personal information about your customers, suppliers, partners and other people who come into contact with your business, you may need a privacy policy.

If your business doesn’t collect any personal data from customers or users of your website, why have a privacy policy?

The short answer is that while you may have a simple brochure website for your small business, having a privacy policy is valuable either way. Even if you don’t collect any personal data from your customers, it’s still a good idea to have a policy that reassures them that your business doesn’t do so.

Do I need a privacy policy even if my country doesn’t require one?

One thing to understand about data privacy laws is that what matters isn’t the law in your own country: these laws aren’t protecting your business, they’re protecting the citizens of their region.

If your business collects personal data from a citizen of the EU, you’ll need to follow the rules set by the GDPR.

If your website collects personal data from US citizens in California, you’ll need to follow the CCPA / CPRA.

Can the EU enforce GDPR fines on businesses outside of the EU that don’t have a privacy policy?

When it comes to enforcing fines, that’s when things become a little too technical for this article. But it’s worth noting that your service could absolutely be banned in the EU or in any country whose laws you break, and in our opinion that risk isn’t worthwhile when compliance solutions are so affordable.

Need a privacy policy? Here’s how you make one.

If you’ve read the above questions and decided that you’re one of the millions of businesses that are required to have a privacy policy, we can help. Generate a comprehensive privacy policy for your website in just a few minutes with our Privacy Policy Generator.