Website Privacy Policies 101

All You Need To Know About Website Privacy Policies

Every business relies heavily on data and information. They possess the collected dara for product research and marketing strategies.

You must protect this data, especially with the rise of the digital age. It's a real challenge for new sites whose customers are located all over the world.

Using a clear and concise Privacy Policy agreement is always something you shouldn’t miss.

What is a Website Privacy Policy?

A privacy policy appears as a statement or a legal document included on a website. It shows how the company collects, stores, uses, shares, and secures the personal information of users and customers.

It's considered one of the most important texts on a website. Besides information possession, a privacy policy should also state the way you meet national and international regulations.

It must tell users where they can seek recourse if the company fails to meet its responsibilities as well.

What to Include in a Privacy Policy?

There are different types of data to add to your privacy policy, depending on your business operation and customer location. Generally, you should have the data collection process, data security, its usage, etc.

Start the privacy policy by letting users know what information you want to take from them. For example, e-commerce stores may need info like Name, Address, Email, and Phone number.

Does My Site Require a Privacy Policy?

Almost all websites interact with users and collect their data somehow. If you’re using your site to make money, you definitely need a privacy policy. Here are 3 reasons why your online business needs a privacy policy.

Meet Third-Party Services’ Requirements

You won’t be able to use services of other third-party companies if your policy doesn’t meet their requirements.

Build Trust with Customers

A clear privacy policy helps you gain trust from users. It gives them the feeling that their information is protected and used legally.

Required by Law

Most countries make privacy policy compulsory by laws. We have GDPR in the EU, CalOPPA in the US, and Australian Privacy Principles in Australia.

Which Privacy Laws Apply to Your Business?

The goal of privacy policies focuses on customer data security. They mainly protect your customers, not your businesses. It depends on both customer and business bases that you should follow the privacy laws of certain locations/countries.

Before that, bear in mind:

  • Where is your business located?
  • Where are your customers from?
  • What types of information are you collecting?

European Union

Apply the General Data Protection Regulation (GDPR) to

  • Businesses located in the EU
  • Businesses providing products or services for the EU residents

You must have the users’ agreement before start collecting their personal information.

United States (California)

The US doesn’t have official privacy legislation for the entire country. However, the California state comes with CalOPPA and CCPA to protect its residents' privacy.

  • CalOPPA used by commercial sites that collect the data of California consumers.
  • CCPA, supporting CalOPPA, targets businesses that use California consumers' data and
    • Have annual gross revenue of >$25 million
    • Or collect personal info of >50 thousand Californian
    • Or earn 50% of revenue from selling Californian information


Australia has the Privacy Act of 1988 regulations to control how businesses collect and possess information for any organizations based in Australia.

It also applies to organizations that have a turnover of more than AUD $3M yearly or a turnover of less than AUD $3M yearly but works in healthcare, buy and sell users’ personal information, and provide services for the Australian gov.

Consider other privacy laws of other big countries such as the Colorado Privacy Act of Colorado, the United Kingdom Data Protection Act 2018 of the UK, and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.

What If You Don’t Comply Privacy Policy Regulation?

Each country has a different law and acts for a website privacy policy. That’s said, if you don’t commit to following it correctly, you and your business may face legal issues.


CalOPPA keeps finding companies or websites that use users’ private data illegally and fines them $2,500 each case.


Different from CalOPPA, GDPR has 2 different levels of punishment. The first level is 2% of company annual turnover or 10M Euros. The other is 4% of company annual turnover or 20M Euros.

PIPEDA (Canada)

You will get fined up to $100 thousand for each privacy regulation violation.

How to Implement a Privacy Policy in WordPress Sites

WordPress comes equipped with a built-in feature allowing you to create a Privacy Policy page for your site. To enable it, simply go to Settings → Privacy in the admin dashboard.

You mustn’t hide this page from the legal section of your site. You can display its link in the footer so visitors can easily find them when landing on any page.

Remind users about this privacy policy at every step of the customer journey. You can enable a checkbox for them to confirm that they’ve read and agree to all terms and conditions, for instance, before submitting a form.

Keep Your Privacy Policy Up-To-Date

Remember to keep your privacy policy up to date on time once any changes happen in laws. Have a strategy to update the policy when new laws are introduced and go into effect.

Use a third-party tool like Termageddon to generate comprehensive Privacy Policy, Terms & Conditions, and Disclaimer pages.

This top-notch privacy policy tool monitors privacy laws and keeps your policies up to date, no matter what regulations you’re following.

PPWP Pro Privacy Policy

PPWP Pro is currently one of the top password-protect plugins for WordPress. It allows securing your site content with passwords, from pages, posts, custom post types, categories, to the entire site.

The website provides users with a clear Privacy Policy page letting them know all information about how we collect, use, keep, secure, and share your data.