Drafting a Privacy Policy

It's time, folks. While the US does not have any standardized laws requiring privacy policies, businesses here are still required to have one if they are collecting data from any EU citizens. This is a recent change (implemented on 5/25/18) when the EU General Data Protection Regulation (GDPR) replaced the existing EU Data Protection Directive.

The GDPR requires all companies operating in the EU, as well as foreign companies that handle personal data of EU citizens, to have a privacy policy. This is part of its goal to make sure personal information is obtained and processed fairly.

If you're like me, this sounds like an overwhelming task.

To help you along, I've outlined a few tips from what I've read (but please note: this is not my expertise and I'm still learning). I've also gathered a few resources that explain these new laws, as well as links to the Squarespace and Mailchimp policies, so that you can better understand the data that they (and potentially you) are collecting.

And one last note: feel free to check out my privacy policy page.  It's a start... that works for me.

My Tips:

From what I've read and learned, these are my tips for drafting your policy.

  1. Don't fret. Everyone's figuring this out.

  2. Transparency is the end goal. Just try to be clear about three things:

    1. What you collect

    2. Why you collect it

    3. How you collect it

  3. Don't forget your third parties (Squarespace, Mailchimp, Google, etc.). Rather than constantly updating your policy, consider describing how you use a third party and then linking to their policy and terms. That way you will always provide the most recent information.

  4. Find some examples of businesses in your industry to see how they handle it.

  5. And, if you need help, consult a legal expert to guide you through it.