Among the important web development trends of 2018, user privacy and how websites handle collected data is at the top of the list. With the imminent introduction of the General Data Protection Regulation (GDPR), it’s more important than ever to ensure you have a privacy policy in place that adheres to its guidelines. Failing to do so could mean incurring severe penalties.
Fortunately, user privacy isn’t an impenetrable topic. There are a few key elements you’ll need to consider, as well as some tools that can help you put the optimal policy in place. There’s the obligatory WordPress plugin solution, but also comprehensive third-party offerings that constantly update based on changes made to your site’s elements.
In this post, we’ll explore what a privacy policy is and why you need one. Then we’ll cover five different ways to implement a privacy policy on your website. Let’s get started!
What a Privacy Policy Is
In a nutshell, a privacy policy is a legal document outlining your approach to managing user data. It explains what data you collect, how it’s used, where it’s stored, and anything else appropriate that your users need to know about the privacy of their collected data. For example, we have our own privacy policy linked to within the footer of every page.
Privacy policies are part of the same family as ‘cookie notices’ (i.e. website banners displaying whether a site collects cookie information). This is because both are implemented to clearly inform users that their data is being collected, as well as why and how.
As you can imagine, privacy policies can run to either a few lines or reams of detailed legal verbiage (although that would likely hamper the reader’s understanding). In short, you’ll usually find the following:
- Clarification on what constitutes a user, the website, and any other relevant party.
- Information on how data is collected on your site.
- An overview of how the collected data is used once it’s been obtained.
- What the visitor can do to make sure their data is deleted.
You may find that some privacy policies don’t include some of this information currently. However, as we’ll explain, all websites will shortly be required to add these elements, with heavy penalties facing those who do not comply.
Why a Privacy Policy Is Necessary For WordPress Websites
As we mentioned, the EU Cookie Law is almost a precursor to initiatives being introduced this year. The GDPR radically overhauls compliance for practically every website, and in contrast to the current Cookie Law, will include stiff penalties for those not complying with the directive.
While the GDPR, the Cookie Law, and implementing a privacy policy in general are platform-agnostic, for WordPress users the waters become a little more muddied. For starters, there are many cogs that turn to drive the entire platform – elements such as the plugins and themes you use will log data, for example.
What’s more, many users will have third-party tools and solutions that help them manage a site day-to-day, which is to be expected. If you or your clients use tools such as Google Analytics or InspectLet, these will also capture user data, meaning your privacy policy needs to reference this too.
It’s definitely a minefield, but one you will have to traverse if you want to stay on the right side of the law. Our advice is that if you’re considering this option solely based on the amount of work it will take to implement, it’s not a wise idea. The GDPR will mean authorities have the power to dish out millions of dollars worth of fines to non-complying sites. In short, the buck stops with you.
5 Solutions For Implementing a Privacy Policy on Your Website
Let’s take a look now at how to implement your privacy policy simply and effectively. Each of the solutions below is GDPR-friendly and is comprehensive enough (or has the scope) to handle any custom user privacy situation you or your clients may have.
1. Manually Create a Privacy Policy
First off, there’s nothing wrong with manually creating your own privacy policy if you feel it’s warranted. After all, it’s usually just a detailed statement of how you’ll capture and use visitor data. For websites with either zero or very little in the way of data collection, this method may be ideal.
We’ve mentioned what a privacy policy should contain already, but just to reiterate, you should include:
- Details on the information you collect, and how you do so.
- Why you’re collecting the information.
- Whether third-party services associated with your site collect information, and the details (such as ad networks).
- Clear guidance on whether users can opt out of data collection, and contact details in order to discuss things further.
However, unless you get the wording exactly right, your privacy policy could land you in hot water should any data breaches occur. Of course, you could get your privacy policy looked over by a legal professional, but you may find more value in a dedicated service. Let’s take a look at the rest of the options.
2. iubenda
In our opinion, iubenda is the most comprehensive and easy-to-use service available, and we really like the concept. Because many websites (especially WordPress-powered ones) are made up of many moving parts, you’ll likely have various data collection points throughout your site’s code. Keeping tabs on all of these could be difficult, but iubenda’s module-based system makes the process a breeze.
In short, you’ll piece together your privacy policy from a comprehensive list of services, resulting in a complete, ready-to-roll page that can be embedded or linked to as you wish. What’s more, each module is updated automatically when required. It’s going to be a great timesaver for high-traffic sites, or those handling sensitive data. However, it’s probably overkill for smaller blog-type sites.
As for pricing, it’s incredibly reasonable at its core. Ultimately, while there’s a free plan, you’re likely better off purchasing a license starting at $27 per year for one site, or a multi-license for $9 per month.
3. Shopify Privacy Policy Generator
The Shopify Privacy Policy Generator is (unsurprisingly) from the Shopify team – a leading e-commerce solution that is not WordPress-specific. Given that their business is heavily focused on leveraging user data, it makes sense that they provide helpful tools for their user base. This particular service will be suitable for any e-commerce site owner, and what’s more, it’s completely free to use.
In a nutshell, this solution is just like creating your own privacy policy. Once you provide some essential details, you receive a tailored privacy policy in text form, which you can then paste into a post or page.
It’s arguably the quickest and simplest solution available, which makes it great for Minimum Viable Products (MVPs) and startups in need of a quick launch. However, because it’s essentially a one-size-fits-all solution, it could miss out vital aspects of your site. In addition, it’s not WordPress-specific, so it won’t offer the same detail as other policies.
4. Auto Terms of Service and Privacy Policy
As for WordPress plugins, Auto Terms of Service and Privacy Policy is one of the best available for creating clear-cut and comprehensive privacy policies. By using this plugin, you’ll be amending the Terms of Service (TOS) and privacy policy of Automattic – the developers of WordPress – meaning it’s totally free to use.
It’s similar to Shopify, in that you’re adding your own details to a template privacy policy. However, Auto Terms of Service and Privacy Policy allows you to configure a more robust solution tailored to the specific requirements of your website. It’s also extremely easy to use.
Overall, Auto Terms of Service and Privacy Policy is going to be great for those needing a quick way to protect themselves temporarily, and the fact that it’s a WordPress plugin is a major plus.
5. TermsFeed
Finally, we have TermsFeed. This is one of the more popular third-party privacy policy generators, and it works in a similar vein to iubenda. In essence, you select what to include, and TermsFeed generates a privacy policy you can link to or embed, which is then updated automatically.
The main perk of TermsFeed is the vast number of different policies you can generate.
We’d arguably put this aspect ahead of iubenda’s, although both services are pretty similar overall. However, where TermsFeed falls down is its ambiguous approach to pricing. While there’s a clause-limited free service, premium policies require a one-time payment that is calculated upon creation. Because of this, it’s likely not going to be a solution for the budget-conscious.
Conclusion
Making sure you have a privacy policy in place before ‘GDPR doomsday’ should, naturally, be a high-priority task. It’s not necessarily an easy task, but it’s one you’ll want to undertake given the potential to be fined for a misstep.
This post looked at five ways to create a GDPR-friendly privacy policy for your website. Let’s recap them quickly:
- Manually create a privacy policy. If you can access the legal know-how, writing your own privacy policy is a great option.
- iubenda. A comprehensive service ideal for the vast majority of websites.
- Shopify Privacy Policy Generator. This solution can’t be beat for a quick e-commerce privacy policy template.
- Auto Terms of Service and Privacy Policy. As WordPress plugins go, this is a must-have for generating a quick privacy policy.
- TermsFeed. While this is also a comprehensive solution, you’ll likely need a decent budget to create your privacy policy.
Do you have a question about how to implement a privacy policy on your WordPress website? Ask away in the comments section below!
Featured image: mohamed_hassan.