It's time, folks. While the US does not have any standardized laws requiring privacy policies, businesses here are still required to have one if they are collecting data from any EU citizens. This is a recent change (implemented on 5/25/18), when the EU Data Protection Regulation (GDPR) replaced the existing EU Data Protection Directive.
If you're like me, this sounds like an overwhelming task.
To help you along, I've outlined a few tips from what I've read (but please note: this is not my expertise and I'm still learning). I've also gathered a few resources that explain these new laws, as well as links to the Squarespace and Mailchimp policies, so that you can better understand the data that they (and potentially you) are collecting.
From what I've read and learned, these are my tips for drafting your policy.
- Don't fret. Everyone's figuring this out.
- Transparency is the end goal. Just try to be clear about 3 things:
  - What you collect
  - Why you collect it
  - How you collect it
- Don't forget your third parties (Squarespace, Mailchimp, Google, etc.). Rather than constantly updating your policy, consider describing how you use a third party and then linking to their policy and terms. That way you will always provide the most recent information.
- Find some examples of businesses in your industry to see how they handle it.
- And, if you need help, consult a legal expert to guide you through it.