small business privacy policy

What You Need to Include in Your Small Business Website’s Privacy Policy

By Princess Jones

The recent passing of the General Data Protection Regulation (GDPR) legislation has made a lot of waves for entrepreneurs. The GDPR was meant to protect European Union citizens from misuse and mishandling of their data online. If you’ve noticed the recent flurry of updated privacy policies and terms from all of the organizations and businesses in your lives, this is what triggered it.

While you and your business may not reside in the EU, if you do business of any sort online, you might be affected. Now is a great time to review your website’s privacy policies to make sure that it has all the necessary elements.

The Information Your Company Collects

The first thing you want to include in your privacy policy is the information you plan to collect about your website visitors. Many small business owners may not think that they are collecting information on users, but you’ve probably got more than you think. For example, you might collect their names, email addresses, addresses, etc. If you have an online store or a loyalty program or an email subscription list, you’re probably collecting plenty of information from your users.

Do you use data analytical tools like Google Analytics? You also need to let them know whether you collect analytical data about how they access and use the site. This information might include their browser information, operating system, and IP address.

Finally, you need to tell your users if your site uses cookies, pieces of data that is sent from the website to be store on the computer. Cookies help websites remember user information, which is then used for things like shopping carts and information in form fields.

What You Do with the Information

Your privacy policy should also include what you do with the information you collect from users. This information might include shipping information, contact information for customer service follow-up, and third party service providers. You’ll need to be clear about whether you lend or sell that user data to anyone and under what circumstances it might happen. Just remember that it’s more important to be specific about what circumstances you share info and how that it gets used rather than naming the specific company you share it with.

Changes to the Privacy Policy

Your privacy policy should also lay out how you plan to make changes to the privacy policy. Most users won’t randomly come back to reread your privacy policy to check for updates. So, it’s important to explain that you will update your privacy policy at any time.

If you do update your privacy policy, you should also use a pop-up or banner message to let users know that your privacy policy has been updated. If the user continues to use your website, they are accepting your new policy. For users you interact with via email, it’s a good idea to send them an update and notify them that if they stay on your lists or continue to use your site, they’ve agreed to the updated terms.

Users Responsibilities with Their Data

Most of your privacy policy is about what information you collect from your users and what you do with that information. However, it’s also a good idea to warn users about protecting their own personal data. When using your website, your users may enter personal information like usernames, passwords, and other data. Your privacy policy should remind your users to protect their personal data when using your website and to avoid sharing usernames and passwords with third parties. Although it is their information, letting it fall into the hands of someone with bad intentions can affect your business, too.

Photo credit: Privacy policy on laptop from Rawpixel.com/Shutterstock

Subscribe to the Small Business Bonfire Newsletter
And get your free one-page marketing plan template.
Princess Jones on DeviantartPrincess Jones on FacebookPrincess Jones on GooglePrincess Jones on LinkedinPrincess Jones on Twitter
Princess Jones
Princess Jones is the evil genius behind P.S. Jones Copy & Design, where she helps food and drink businesses speak the language of their audiences. For more talk about copywriting, design, and the tools to pull them off, follow her on Twitter @imprincessjones.
  1. Hi Princess Jones,

    Worthy article.

    GDPR has become the hot topic in Europe for avoiding mishandling of European people’s data online. For Europe people, it’s very important to review their website’s privacy policies to crosscheck whether it has the essential elements.

    All the points highlighted in the post is true and helpful.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.