I spend a lot of time looking at Privacy Policies; it’s one of the first pages I go to when I land on a website. Now, before you judge me, it’s a great way for me to see if someone is my ideal client or not!
I can tell by skim reading a few paragraphs of their privacy policy if someone has a good understanding of GDPR and how it relates to their business. So I’ll check out their Privacy Policy first and then go back to read the really interesting stuff.
I also check someone’s Privacy Policy if I’m considering buying something from them, particularly if they are new to my world. For me it’s a way of gaining reassurance and building trust with a new business that I’m thinking of buying from. Unless it’s shoes or clothes – I’m honestly not heading straight to the Privacy Policy of all my favourite shops when I visit their website!
Here are some of the common mistakes I see when I’m browsing people’s privacy policies.
1. There isn’t a Privacy Policy to read!
You’ve created an amazing website or sales page and you’re asking people to sign up to your fabulous freebie, master class, workshop, membership or course. But there is no link to your Privacy Policy to be found anywhere.
Why is this a problem? If you are based in the UK or Europe and the people that you work with are based in the UK or Europe, or if the people that you want to work with are based in the UK or Europe, under GDPR and data protection regulations you need to let people know how you handle their personal data in your business.
Transparency is one of the key principles of data protection law (it’s known as the Lawfulness, Fairness and Transparency principle).
Simply put, you must be honest and open about how you use other people’s personal data in your business. And the best way to do this is to explain it all in your Privacy Policy. You also need to inform people how you’ll use their personal data when you’re collecting it (or as soon as possible afterwards), which is why providing a link to your Privacy Policy on your website and sales pages is so important.
2. Your Privacy Policy only talks about what happens when someone visits your website
This is a very common mistake that I see, possibly because some online privacy policy generators only suggest wording for what happens when someone visits your website.
So that’s a great start, but your Privacy Policy also needs to let people know what you do with their personal data when they inquire or work with you.
What happens when they sign up to your newsletter, order your products or buy your services?
Your privacy policy should cover how you handle other people’s personal data when they do business with you, not just what happens when they visit your website.
3. Your Privacy Policy does not explain your purpose and your lawful basis for processing personal data
We can’t collect other people’s personal data just because we feel like it or we think it might come in handy one day. It might be interesting to know whether your new client is a dog or a cat person and what their favourite pooch is called to help build rapport, but do you really need to make a note of this and keep it on file? Obviously, if your business is all about pets, then this will be very relevant, but if you’re selling website design services, not so much!
Every business is different: the type of personal data and information a life coach may collect and keep about their client is very different to the kind of information that an accountant will need to keep.
We need to inform people what personal data we collect about them and why we need it. And we also need to let them know what our lawful basis for processing this personal data is.
The UK Data Protection Act and GDPR set out six possible lawful bases for processing personal data. These are consent, contractual obligation, legal basis, legitimate interests, public tasks and vital interests. The first four are most relevant to small businesses.
Your Privacy Policy should clearly explain your purpose for collecting personal data and which lawful basis you rely on.
4. The Privacy Policy is full of legal speak and overly complicated to read
You don’t get bonus points for having an overly complicated Privacy Policy full of complex legal speak that only somebody with a law degree can understand.
In fact, it’s quite the opposite – you get bonus points for making sure that your Privacy Policy is really easy to understand.
If your website is aimed at children for instance, your privacy policy needs to be written using words and language that a child can read and understand.
Keep to plain and simple English (or whichever language you normally use to communicate with your customers). The person reading your Privacy Policy shouldn’t need a dictionary, a thesaurus or the services of a friendly lawyer to translate it for them.
5. Your Privacy Policy has no formatting and is using funky fonts that only you can read
Have you ever clicked off a page because there is just a mass of words on the screen with no formatting, or the weird font is making it really hard to read? Yes, me too!
Paragraph breaks and headings are your friend, particularly when it comes to your Privacy Policy.
Headings are great, because people can scroll down to the particular section that really interests them if they choose to. You can also use tables and icons and even pictures if you want to. It’s fine to personalise and brand your Privacy Policy, but save the really funky fonts for the rest of your amazing website and keep the layout plain, simple, easy on the eye and accessible to everyone.
6. A Privacy Policy template hasn’t been adapted to fit the business
Your Privacy Policy needs to reflect what you do in your business, which may be very different to what someone else does in their business.
If you’re using an online policy generator or a template for your Privacy Policy, it’s so important to make sure that you go through it line by line – really think about whether the wording in the template relates to what you do in your business. If your Privacy Policy talks about using Google Analytics, Facebook/Meta pixels or web beacons – are you actually using all of these?
Just because it’s mentioned or suggested in someone else’s policy template doesn’t mean it is relevant to your business.
I can understand why it might seem tempting to leave in everything a template suggests, just in case at some point in the future you might start using it and it may be relevant. I get it, I really do. But here’s the thing: if your Privacy Policy doesn’t reflect what you actually do in your business, then you are leaving yourself open to problems, possible complaints and you definitely don’t want to be misleading anyone reading it.
Your Privacy Policy is an important document and it’s something that you should be able to understand and update whenever anything changes in the way you collect or use other people’s personal data. You should also be able to answer any queries and questions that someone might have after reading your Privacy Policy.
If you’ve tried using an online policy generator, or you’ve been gifted a Privacy Policy by a business coach or similar, but you don’t really understand what it all means and are stuck on how to adapt it, then we should definitely chat!
Because that is exactly what I help my clients with. I’ll talk you through the key things that you need to include in your Privacy Policy. I’ll explain the different lawful bases and how they relate to your business, break it all down in plain and simple English, so that you end up with a Privacy Policy that you’re proud of – and most importantly, a Privacy Policy that you really understand. You can read more about how I can help by checking out my services page.