What do you need in your Privacy Policy?

April 20, 2018

Under the privacy laws if you request, keep and process personal data you will need a privacy policy, but what do you actually need in your privacy policy?

Although you might not think you do process personal data initially, every business does somehow.

If you have employees, you store and process personal data.
If you have an enquiry form on your website, you hold and process personal data.
If you keep customer records, you hold and use personal data.
If you use Google Analytics, you are handling personal data.

It’s pretty safe to say your business will need a privacy policy.

The thought of a privacy policy can seem quite daunting. It is not about blinding consumers with legal technicalities though. It’s the complete opposite.

Essentially, your privacy policy needs to be transparent and honest. It’s about moving away from this ‘cloak and dagger’ world of holding onto personal information.

And it’s not just about what you need in your privacy policy, it’s about how you include it.

The Information Commissioner’s Office (IOC) states, in its framework, that privacy policies should be written in easy-to-understand, human language. It shouldn’t read like a lawyer has written it. It should read like a responsible, open person has written it.

So what exactly do you need in your privacy policy the following items, but you need to have it truthfully and in layman’s terms so that it is easily accessible to the reader:

What is personal data?
What personal data do you collect?
How do you obtain this data?
- Information given by the individual, e.g. enquiry forms, email subscription
- Information collected from the individual, e.g. cookies, analytics
- Information from third parties
Why do you collect this data?
Why can you hold this data?
How long you keep this data?
Who uses the data?
How do we protect your data? E.g. internal systems, secure servers, SSL certificates, a 2-tier password system
Who do we share your information with?
What rights do you have?
- Right to be forgotten, e.g. opt-out methods
- Right to request copies of information
- How they can request information

If you follow the above structure, you will have everything you need in your privacy policy.

If you want some help though, get in touch. We help all our website clients work out what they need in their privacy policy and have a template for them to use. Happy to help you too.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-4460635-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

What do you need in your Privacy Policy?

Under the privacy laws if you request, keep and process personal data you will need a privacy policy, but what do you actually need in your privacy policy?

Share this post