• GDPR
• CalOPPA
• CCPA
• COPPA
• PIPEDA
• Australian Privacy Act
• and more

There are 7 key principles in the GDPR they are:

• lawfulness, fairness and transparency
• purpose limitation
• data minimisation;
• accuracy
• storage limitation
• integrity and confidentiality
• accountability

These principles are central to the GDPR. They are not written out as exacting directions to be followed but rather taken as the essence of the regulation. Ensuring that your privacy policy covers and is compliant with these key principles is of extreme importance.

The GDPR sets out the rights of the individual as follows:

• The right to be informed
• The right of access
• The right to rectification
• The right to erase
• The right to restrict processing
• The right to data portability
• The right to object
• Rights to automated decision making and profiling.

What do these rights mean to you? Check out our post on GDPR Compliance and your Privacy Policy for further information.

To be GDPR compliant, an organisation must make sure that the personal data is collected in a lawful and transparent way, it is protected from misuse, maintained in a secure way and that they have appointed someone to be responsible for GDPR compliance.

To ensure your organisation is GDPR compliant the GDPR.EU have compiled a checklist which you can access here: https://gdpr.eu/checklist

The GDPR is applicable to any organisation who operates either inside or outside of the EU who obtains personal data for any reason from residents within the EU. So even if your business is located outside of the EU, you will be required to be GDPR compliant if you offer goods and services to residents of the EU.

This means that almost all organisations should have a GDPR compliant policy in place.

According to the GDPR an organisation must supply a Privacy Policy that is:

• written in plain language, avoiding legalese, particularly if the information is directed at children
• the Privacy Policy must be easily accessible and free of charge
• delivered in a timely manner

Any organisation obtaining personal information from an individual must include the following information in it's Privacy Policy:

• the purpose of collecting and processing the personal data
• the interests of the organisation or any third parties
• recipients of the personal data
• details referring to the transfer of personal data to countries outside of the one the organisation is based in
• how long you retain personal data or what the criteria is that is used to determine how long data is retained
• proof of data subjects rights
• the right of the individual to withdraw consent of personal information at any time
• the right of the individual to lodge a complaint to the relevant authority
• explanation of why the personal data is required, whether is is contractual or not and what are the consequences if the individual doesn't provide this data.
• whether your organisation has an automated decision making system in place and if so information about its implementation, significance and consequences of use.
• contact details for your organisation, its representative and data control officer

Get your GDPR compliant privacy Policy here

CalOPPA applies to any organisation or individual who operates a website or online service and collects personally identifying information from Californian residents. CalOPPA however doesn't apply to entities who store personally identifiable information for a third party.

Under CalOPPA the following are required:

• your Privacy Policy or a link with an icon including the word Privacy, is located on your websites home page.
• the Privacy Policy is linked to the home page via a hypertext link which contains the word Privacy.

• your Privacy Policy is required to be written in clear, straightforward language.
• use a format which makes your policy easy to read
• include a clause explaining your organisations online tracking policy. It should be clearly named, for example "online tracking" or ""do not track"
• explain how you use any personally identifiable information that you collect from your users
• if possible provide a link to the privacy policy of any third parties with whom you share your users personally identifiable information with
• include a clause which lets your users know that they have options regarding the collection, use and sharing of their information
• give contact information so that your users can ask questions or raise any concerns they may have with the use of their personal information
• give the effective date of the privacy policy

Get your CalOPPA compliant privacy policy here

The Children's Online Privacy Protection Act is a United States federal law that has been in effect since April 21st 2001. Under this law websites must make it evident in their privacy policy whether they collect any personal information from children under 13 years of age. If your website is not targeting children under 13 years of age then it is best you do not collect any age information from your users and add a clause in your privacy Policy which clearly states that your website is not aimed at children under the age of 13.

For your COPPA compliant privacy policy here

A Privacy Policy is not just a legal requirement for your business or e-commerce store it is also a way to ensure you are fulfilling those legal requirements. Having a Privacy Policy also promotes trust with your clients and users as they are aware of how you are managing all aspects of their personal data.

Here is a quick checklist of some highly important components of your Privacy Policy for your business.

• Effective Date: Ensure you always include an effective date on your policy and amend this date if or when you make any changes to your Privacy Policy.
• Ensure that you have disclosed what type of personal information your business collects from your customers and how this information is collected.
• You must include how you keep your customers personal data safe and secure.
• How long you retain this data and where is it stored and processed.
• If you share any of your customers personal data, who do you share their data with? Third parties may include Google Adwords, analytics services, and employees.
• Give your customers the option to opt out of providing information if they choose to and inform them of what services may be unable to be offered if they choose this option.
• Explaining your customers data protection rights.

Yes even your personal blog is required to have a Privacy Policy. What you will need to include in this policy depends upon what type of data you are collecting from your users and if you are using affiliate links, advertising, if you are selling any products or services and/or providing your users with regular emails.

The following are some things you may want to include in your Privacy Policy:

• What type of information do you collects from your users and do you disclose this information to any third parties such as Google Analytics, Google Adwords, affiliates, or web hosting companies.
• How can your users opt out of data collection and how will this impact them using your site.
• What are your users data rights?
• How long do you retain any of your users personal data and where is this stored and processed?
• and as always include an effective date which you must change should you make any amendments to the privacy Policy.