Privacy Policy 101: What Is It and Does My Website Need One?

Published 12 May, 2023 Updated 27 June, 2023

Businesses often build websites without taking care of one important element – the Privacy Policy. However, it is crucial, and you should not operate without one. Discover why.

How many times have you faced a request to read a privacy policy or agree to terms and conditions? Probably hundreds of times. And how many times have you actually read the documents instead of just checking the boxes and moving on? Perhaps you are one of the 87% of people who never read them. However, if you are now thinking of building a website for your business or your side hustle, you probably have one big question on your mind – does my website need a privacy policy?

The short answer is YES, you do need a privacy policy. But what exactly is it? How does it work? How do you create a privacy policy for your website? These are all very important questions, and we have the answers. By the time you are done reading this article, you will know the steps you need to take next. So, let’s jump right in.

Key highlights 

  • A privacy policy is a legally binding agreement that protects both a website’s visitors and its owner.
  • Different countries have different rules and regulations that cover the collection of personal data.
  • There are many options when it comes to creating a privacy policy pertaining to personal data collection. 

What is a Privacy Policy?

A privacy policy is a legal document that provides clear and comprehensive information on how a website collects visitors’ information, what personal information is collected and what purposes it is collected for.

As you probably know already, every website collects visitors’ data to varying degrees. And because visitors’ data is tracked and stored, a privacy policy must be introduced. This is important in two ways. 

First, the visitor has the chance to understand how data is collected and for what purposes. Furthermore, they can rest assured that when a website collects personal information, that is done in compliance with laws and regulations.

Simultaneously, a privacy policy protects the website’s owner against time-consuming and costly legal action taken by visitors who do not understand how their personally identifiable information is collected or stored.

So, what kind of data is considered personal information? Here are examples of the most common types of personal information tracked by websites:

  • Name 
  • Email address
  • Home address 
  • Phone number
  • Credit card number
  • Date of birth
  • IP address
  • Geolocation
  • Usernames 

In short, if a website visitor interacts with a website – for example, buys a product or subscribes to a newsletter – both personal and non-personal information is recorded. A privacy policy stands in as a legal document that reassures visitors that data is recorded in full compliance with laws and regulations and also protects the owner of the website against wrongful legal action.

Does my website need a Privacy Policy? 

Now you have a basic understanding of why a privacy policy is important, but did you know that many countries worldwide have actually introduced laws that require website owners to have one?

Even if your business is not located in a country where the laws are in place to regulate the collection of personal data, you might have people from that country visiting and using your website. Therefore, your business should comply with the law of that country. 

Let’s dive deep into some of the countries and their privacy policy regulations. 

From General Data Protection Regulation (GDPR) to California Consumer Privacy Act (CCPA)


Europe

Europe has one of the strictest privacy protection laws in the world. The General Data Protection Regulation (GDPR) went into effect in 2018, and it regulates how businesses should handle personal data collected online. This is defined by Articles 12, 13 and 14.

These regulations apply to all businesses and organizations that collect personal information of any kind from the citizens of the EU. GDPR requires a more detailed privacy policy than the laws of other countries, so if you wish to serve EU visitors, make sure your privacy policy complies with all GDPR legal requirements.


Australia

Australia’s Privacy Act 1988 regulates how businesses may collect personal information from Australians. Website owners who wish to accept visitors from the country must have an updated privacy policy that informs visitors how their personal data is used, and must also make sure that the data they collect is protected.


Canada

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s law protecting the private information of its citizens. To comply with the act, all businesses that collect personal data from Canadian citizens must have a clear privacy policy on their websites.

United States

The United States doesn’t have strict data privacy laws in place at the federal level. However, the Federal Trade Commission (FTC) has policies in place that help protect personal data and ensure that websites are operating fairly and are not selling private information or leaving it unprotected for hackers.

California has stricter regulations for businesses operating in the state. The California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) require that privacy policies are easily accessible and that website owners adhere to all regulations.

As you can see, no matter where your business is based and operates, privacy policies are far-reaching. Chances are you’ll get visitors from all around the world. Therefore, you should be aware of the different data collection laws and regulations so you can comply with them and avoid facing legal actions or fines. 

What are cookies and how do they collect data?

Web cookies, or HTTP cookies, are small files stored on the user’s computer. They are designed to hold specific data connected to a particular website. So, we cannot discuss privacy policies without discussing cookies as well.

How does a cookie work? For example, when you create an account online and choose to save your username and password so you can automatically log in the next time, this information is stored in a cookie.

Using cookies helps streamline visitors’ browsing experience and helps website owners track certain metrics like how many visitors are on their website at any given time.

Website visitors are usually more familiar with cookies than privacy policies because of the cookie banners that show up and, in some cases, prevent the visitor from viewing content until they accept or reject cookies. 

[Image: Cookie banner]

Depending on the website, visitors may have three options to choose from when it comes to cookies:

  1. Accept cookies
  2. Reject cookies
  3. Set cookie preferences

In the third case, the visitor has the chance to customize which cookies are allowed and which ones are rejected. Some websites prevent visitors from rejecting all cookies, but allow them to select only the ones that are deemed necessary by the website.

If you want to use cookies, you should always disclose that in your privacy policy. And make sure you provide your visitors with the option to opt out of cookies at any point.

Do you have a WAcademy website, but you still do not have a cookie banner? We can help you set it up!

Privacy Policy vs. Terms & Conditions: What’s the difference?

Every business should have a privacy policy and terms and conditions (T&C) on its website. It’s common for website owners to mix up these two legal documents or think that they’re the same. However, these are two very different legally binding documents.

While your website’s privacy policy is there to guide how visitors’ data is protected, the T&C agreement ensures that your business is protected. 

In short, the T&C agreement should inform your user what they’ll be required to do once they subscribe to or purchase your service. While including a T&C agreement is not required by law, it’s useful to have it simply to protect your business from any liability or complaints. 

Where to display the Privacy Policy and T&C agreement on your website

Your privacy policy should be easily visible and accessible to your website’s visitors. Note that it should be separate from your Terms and Conditions and other legal documents.

It’s common practice to link to both at the very bottom of the page, and so visitors expect to find both the policy and the agreement there.

You should also link your privacy policy – and your T&C document if you wish – wherever a visitor should review it: for example, next to a subscription form that asks the visitor to share contact information, whenever a visitor creates an account on your website, or when purchases are being made.

How to create a Privacy Policy

There are three main ways you can get a privacy policy for your website.

Option 1: Create one yourself 

If you have time and you are actually interested in how a privacy policy comes to be, you can create one for your website yourself. 

Note it is crucial that your privacy policy answers the following questions:

  • Who collects visitor data? (This section should include your business name, address, location and contact details)
  • What purposes is the information collected for? 
  • What kind of personal information is collected?
  • How is personal information collected?
  • How do you share collected information?
  • Do you share the collected information with third-party service providers?
  • Why do you share collected information?
  • Do you use cookies and why? 
  • How can visitors contact you in case they want to submit a complaint?

Option 2: Hire an expert

If you are worried you cannot create a professional privacy policy that covers all the legal bases, you can hire a professional to help you create one. This is the most efficient and safest way to create a privacy policy. 

If you can hire a real expert you can trust, you will know that the information is correct, complies with different laws and is up to date.

Option 3: Use a template generator

Lastly, you might use privacy policy template generators available online to create a personalized privacy policy for your own website. 

This option certainly is easier than creating the policy yourself. However, you must make sure you use a reputable template generator that complies with the different applicable laws and has up-to-date information.

Let’s keep it private!

Privacy is no laughing matter, and once you’re responsible for a website, the privacy of your visitors, users or customers should be high on your priority list. After all, a website cannot earn customer trust if it does not clearly respect personal data protection and privacy laws.

Fortunately, a privacy policy provides an easy way to inform users and visitors how exactly you collect and store their personal information. This is crucial proof that you value data protection while you collect personal information. Simultaneously, this document protects you against unwarranted liability or complaints.

While creating a privacy policy might be a challenge – especially if you decide to build one yourself – you can use template generators or hire a professional to help you out. Whichever route you take, it is most important you have an easily accessible and visible privacy policy that your visitors and users can reference.