But first, a disclaimer:
There are three other regulations that you might want to be aware of:
- Privacy Shield – created by the US Department of Commerce, the European Commission and Swiss Administration to provide “a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.”
- GDPR – the European Union’s data protection law to provide rights for citizens.
- The Children’s Online Privacy Protection Act (COPPA) – a US law created to protect the privacy of children under 13.
This is definitely not an exhaustive list. For other regulations in other countries, take a gander at this blog post over at PrivacyPolicies.com.
Consult with a legal professional! But you knew I was going to say that, right? Honestly, that’s the best thing you could do. That said, there are some other resources you can look into as an intermediary step.
What to include
- Your business name and contact details.
- The type of personal data you collect (e.g. name, email address).
- Why you collect personal data (is it for marketing purposes or something else?).
- How the data is used.
- How you share data with third parties, if at all.
- How your visitors can opt out of data collection.
And while I didn’t really cover it here, you also need to be aware of third-party services you use on your website, such as Google Analytics, ad services, and yes, even payment processing tools.