Why do you need a Privacy Policy

Why do you need a Privacy Policy?

Linkilaw Legal Documents

Whether you’re a big corporation or a start-up, your company probably collects “personal data”. And if you don’t want to violate the law, you need a Privacy Policy.

A Privacy Policy is a legal document that tells customers how their personal data is used. In this article, we’ll discuss why you need a Privacy Policy, what it should include and what happens if you don’t have one.

What is personal data?

“Personal data” is a term defined in the General Data Protection Regulation (GDPR). The GDPR is the EU-wide regulation about data privacy. Broadly speaking, “personal data” means information that can identify an individual person.

This includes information that identifies someone directly or when combined with other data. Contact information, like your name or email address, is a common example of personal data. But, personal data can also include technical information, like account information and IP-addresses.

What is a Privacy Policy?

A Privacy Policy is a legal document that explains how a company uses personal data when performing their services. It also specifies the legal reasons why the company is allowed to use personal data the way it does, as well as what the user’s rights are. (Note that a Privacy Policy is sometimes referred to as a “Privacy Notice” or a “Fair Processing Notice”.)

Do I need a Privacy Policy?

In short – yes. If EU citizens use your website, then you’re legally required to have a Privacy Policy. This rule is set out in both the GDPR and the UK Data Protection Act 2018, which compliments the GDPR and adds requirements specific to the UK. So, as soon a s you start to collect data directly from users, it’s time to post a Privacy Policy. (It doesn’t necessarily matter where you display your Privacy Policy, as long as it’s accessible and easy to find.)

Not only is a Privacy Policy legally necessary, many third-party services require it. For example, Apple’s terms require a Privacy Policy to put an app on the App Store, and Google’s terms require a Privacy Policy to use Google Analytics.

What should a Privacy Policy include?

Every Privacy Policy has to include certain information, and it has to be customised to the specific ways you use personal data. Some of the key information you have to put in a Privacy Policy includes:

  • Details about the company
  • What kinds of personal data you collect
  • Why you collect personal data
  • Which third parties you receive data from and send data to
  • Where you keep personal data and how you keep it secure
  • How long you keep personal data
  • Details about automated decision-making and profiling
  • What rights individuals have under data protection laws
  • How to contact you

(Keep in mind this is not a full list of requirements, just some of the most important ones.)

In addition to making sure you cover all the required topics, it’s also important to word your Privacy Policy the right way. Privacy Policies are required to be concise, transparent, understandable and accessible. This means you need to explain your data use in a clear way without using any super-technical terminology.

Consequences of non-compliance

Choosing not to put up a Privacy Policy is not a low-risk decision. If you don’t comply with the UK Data Protection Act or the GDPR, you could be exposing your company to a hefty fine. The fines for violating people’s privacy rights can be up to 4% of your global revenue or €20 million—whichever is higher.

Final thoughts

Even though most people won’t read your Privacy Policy (other than lawyers), it’s still crucial to have one. Whether your company is located in the EU or not, there’s a chance you might collect personal data from an EU citizen—which means you need a Privacy Policy. Keeping your company compliant with data protection laws will save you time and money, and increase your customers’ trust in you.

For help writing a legally-compliant Privacy Policy, don’t hesitate to get in touch.

Why do you need a privacy policy - CTA