Privacy Policy

Privacy Policies are Required by Law

The GDPR regulates privacy policy requirements for entities targeting users in the European Union (EU) and the European Economic Area (EEA), regardless of the company’s physical location.

Your business must comply with the GDPR if it targets EU consumers and meets one of the following thresholds:

  • It offers goods or services
  • It monitors online behavior

Chapter 3, Articles 13 and 14 of the law clarify that users have the right to be fully informed about the collection and use of their personal data.

Linking to a generic privacy policy is not enough under the GDPR; you also need freely given consent from users before collecting their personal information. Under the law, personal data refers to any information relating to an identifiable person, either directly or indirectly.

It’s important to note that different privacy laws use unique definitions for personal information, each with slight variations in meaning.

Your business can communicate all relevant data gathering and processing information in compliance with the GDPR and request user consent by publishing a privacy policy on your website.

The penalties for GDPR non-compliance are fines of up to 4% of your annual global turnover or €24 million ($23 million), whatever is highest.

The California Consumer Protection Act (CCPA)

The CCPA regulates privacy policy requirements for businesses targeting users in California, regardless of the company’s physical location.

Your business falls under the CCPA if it meets one of the following thresholds:

It generates over $25 million in annual gross revenue It annually buys, receives, sells, or shares the personal information of 50,000 or more consumers (changing to 100,000 under the CPRA) It derives 50% or more of its annual revenue from the sale of personal consumer data Under the law, you must inform users about the personal data you collect and how it’s processed.

The text of the CCPA defines personal data similarly to the GDPR but excludes publicly available information, like social media posts.

You must also provide a way for consumers to opt out of the sale of their data.

To comply with the CCPA, you can outline your data practices with our standard privacy policy template and include a conspicuous “Do Not Sell My Personal Information” link.

The penalties for CCPA non-compliance are fines of $2,5000 per violation or $7,500 per intentional violation.