What You Need to Know About Privacy Laws and Your Website

Last updated Feb 12, 2024

There has been an avalanche of legislation in the United States and Europe regarding online privacy since the rise of the Internet. Today, publishing anything on the web requires familiarity and compliance with privacy laws to avoid the possibility of legal action or fines.

Before I continue, I need to stress that I AM NOT A LAWYER AND THIS IS NOT LEGAL ADVICE! Please consult a lawyer for legal advice for your particular situation.

This article contains some rough guidelines I found in my research on privacy compliance for small business websites. This is an extremely complex legal issue spanning many pieces of legislation on multiple continents, and I am by no means an expert! Please see the links at the end of this article for more information on online privacy.

Why Privacy Is Relevant to Your Website

You may be thinking, “my website doesn’t collect any private information, so I don’t need to worry about any of this.”

Well, if your website has Google Analytics installed on it (or any analytics service for that matter), you’ll need to worry about privacy compliance.

If you have target users in Europe and you use Google Fonts, you’ll need to worry about privacy compliance.

Any time your website collects an email address, that’s private information. So that may include comment forms, contact forms, and blog subscription forms. If you have any of these, you need to worry about privacy compliance.

Every Website Needs a Privacy Policy

Every public-facing website needs a privacy policy that explains what data you collect, what you do with it, how users can control their data, and possibly much more depending on what information your site collects, where its customers reside, and how big your company is. Termly.io has a good explanation of what needs to be in a privacy policy for a small business.

If your company is big enough to have in-house counsel or counsel on retainer, you should definitely use them for guidance on your website’s privacy policy. If your company collects sensitive information or sells personal information as part of its business model, you should also contact a lawyer.

Otherwise, you may be able to use one of the many privacy policy generators online. Two examples are Termsfeed.com and Termly.io. Termsfeed has a free privacy policy template at the end of this article.

For a more robust policy, I would recommend purchasing a privacy policy subscription from Termageddon, the industry standard for privacy policies. When you purchase their service, they’ll help you generate a policy specifically geared for your site, and they’ll make sure it is always updated to comply with current laws.

Whatever you do, do not just copy another company’s privacy policy. The privacy policy reflects your website’s particular features, as well as your company’s particular policies for handling personal information. Therefore, the privacy policy must be customized for your site and organization.

Disclosure: Some of the links on this page are affiliate links. This means if you click on the link and purchase the item, I will receive an affiliate commission at no extra cost to you. I test or research each service before endorsing it. I own this site and the opinions expressed here are mine.

California Consumer Privacy Act of 2018 (CCPA)

The CCPA is further legislation aimed at protecting user privacy online. It can apply to any site with visitors in California, no matter where your company or organization is based.

The CCPA applies to for-profit entities which meet at least one of the following conditions:

  • Over $25 million in annual gross revenue
  • Receives information for 100,000 or more consumers (up from 50K due to the CPRA going into effect in 2023)
  • Derives 50% or more of its annual revenue from selling consumer personal information

Note that nonprofits and California state and local government entities are exempt!

Note that 100,000 annual visitors translates into 274 daily visitors, which is not that high a threshold.

For information on how to comply with CCPA, check out this Termly.io article on the CCPA.

One hallmark of the CCPA is the requirement for a “Do Not Sell My Personal Information” option if your organization sells personal information collected by the site. While you may not think you sell personal information, the law applies even if there is no monetary exchange. For example, you might get some free services from a CRM company if you use them to manage your email list. Thus you might still need to provide a way for users to opt out.

General Data Protection Regulation (GDPR)

GDPR is a privacy law created in the European Union, but it affects businesses located anywhere in the world that have users in the EU. Termly.io has a great summary of GDPR for dummies.

You may still be wondering if the GDPR applies to your organization. I’ve found somewhat conflicting information on this. Some sources say that if your site has even one visitor from the EU it does apply. But, I found this blurb on the official European Commission Website:

When the [GDPR] regulation does not apply

Your company is a service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

In any case, I would think that a local-focused brochure website for Joe’s Barber Shop in Omaha, Nebraska, for example, would not be a high-priority target for European regulators.

Many of the requirements of the GDPR are good privacy practices and can be handled in your privacy policy and your organization’s operational policies (for example, having someone assigned to remove a person’s data upon request).

Probably one of the most painful parts of GDPR compliance for a small business website that doesn’t collect names or email addresses is making Google Analytics compliant. Google Analytics tracks users so it is not compliant by default. To make it compliant, you need to get permission from the user before activating Google Analytics on your site. That means an annoying popup. Furthermore, a good number of folks will choose not to be tracked, so you’ll lose some valuable analytics data.

You’ll just have to do the risk analysis for your organization. How valuable is having complete analytics data and not annoying visitors with a popup vs. strict compliance with GDPR?
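The permission-before-activation approach described above, as an added JavaScript example that is not from the original post: gtag.js is only injected after the visitor explicitly opts in, the decision is remembered in storage so the popup is not repeated on every page view, and an unknown or denied decision fails closed (nothing is loaded, so no request reaches Google and no analytics cookie is set). The measurement ID is a placeholder, and rendering the popup itself is left to a callback you supply.

```javascript
// Added example: consent-gated Google Analytics loader (not from the original post).
// Nothing from Google is loaded until the visitor has said yes.
// GA_MEASUREMENT_ID is a placeholder, not a real property.
const GA_MEASUREMENT_ID = 'G-XXXXXXXXXX';
const CONSENT_KEY = 'analytics_consent';

// Read the stored decision; anything other than an explicit value is 'unknown'.
function readConsent(storage) {
  const raw = storage.getItem(CONSENT_KEY);
  return raw === 'granted' || raw === 'denied' ? raw : 'unknown';
}

// Persist the visitor's choice so the popup is not shown again.
function recordConsent(storage, decision) {
  if (decision !== 'granted' && decision !== 'denied') {
    throw new Error('decision must be "granted" or "denied"');
  }
  storage.setItem(CONSENT_KEY, decision);
}

// Inject gtag.js and queue the standard 'js' and 'config' calls, exactly as
// Google's snippet does. Returns true if loaded now, false if already loaded.
function loadAnalytics(doc, win) {
  if (win.__gaLoaded) return false;
  const script = doc.createElement('script');
  script.async = true;
  script.src = 'https://www.googletagmanager.com/gtag/js?id=' + GA_MEASUREMENT_ID;
  doc.head.appendChild(script);
  win.dataLayer = win.dataLayer || [];
  function gtag() { win.dataLayer.push(arguments); }
  gtag('js', new Date());
  gtag('config', GA_MEASUREMENT_ID);
  win.__gaLoaded = true;
  return true;
}

// Run once per page load. showBanner renders your opt-in popup and is handed
// a function to call with the visitor's decision. Returns what happened:
// 'loaded' (prior opt-in), 'skipped' (prior opt-out) or 'asked' (popup shown).
function initAnalyticsGate(storage, doc, win, showBanner) {
  const consent = readConsent(storage);
  if (consent === 'granted') { loadAnalytics(doc, win); return 'loaded'; }
  if (consent === 'denied') return 'skipped';
  showBanner(function (decision) {
    recordConsent(storage, decision);
    if (decision === 'granted') loadAnalytics(doc, win);
  });
  return 'asked';
}

// In a browser: initAnalyticsGate(window.localStorage, document, window, renderPopup);
```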

You’re Not Done Yet

Let’s say you’ve gone through the work of constructing a good privacy policy and maybe even a privacy compliance popup. You’re not done yet.

In fact, you’re never done, because privacy compliance is an ongoing thing. It’s not enough just to say that you’ll remove someone’s personal information upon request in your privacy policy. You have to have someone in your organization available to receive that request who can remove the info in a timely manner.

This is where privacy trolls come in. They make a request to a site to remove their info. If they don’t get a response in the time specified by law, they may threaten legal action.

So, it’s important that your organization has policies to deal with these privacy requests on an ongoing basis.

Furthermore, new laws are always being passed. That’s why some services like Termly.io provide a subscription service with ongoing updates.

More Information

I’ve barely scratched the surface of website privacy compliance, but I hope I’ve pointed you in the right direction. Here’s where to get more info:

