The introduction of the GDPR in 2018 seemed to really stress a lot of people out, as if this was a brand new area of law that they’d never heard of before, but in actual fact the data protection law has been around for a very long time and the GDPR is just an upgrade.
The simple answer to the question of whether or not you need a Privacy Notice (often referred to as a Privacy Policy) on your website is that, it depends! A GDPR compliant Privacy Notice must be provided before or at the time of collecting personal information.
You MUST have one on your website if your website collects any data through which a person can be identified. This could be as simple as their email address or even their IP address (as this could be static and specific to that person).
So, on your website do you have:
- Google Analytics or any other statistic package collecting visitor data?
- A contact form where the user enters any personal information such as their name, email address, phone number etc?
- A sign-up form where the user subscribes to ongoing communication
If so, you are under a legal obligation to publish a Privacy Notice on your website.
If you don’t collect personal information in this way, you do not need to display a Privacy Notice on your website. However, if you do, it is an easy place you can send people to read it, rather than printing hard copies to give out.
I should note that I am not a GDPR Expert, but I have been on a course! If you need specific data protection advice or a Privacy Notice for your business and website you should contact a data protection expert. They can help you with compliance, training, policies and much more.