Lately, it seems like all the talk online has been about privacy, consent for data tracking, and related topics. The introduction of the new General Data Protection Regulation (GDPR) has a lot to do with that. Among other things, it’s left many website owners wondering: “How can I add a WordPress privacy policy to my site?”
A privacy policy has always been useful, but it’s now a requirement for most sites. You’ll want to be very clear about what data you collect from your visitors, along with how it’s stored and used. Fortunately, putting together this type of policy is now easier than it’s ever been, thanks to a handy new WordPress feature.
Then we’ll walk you through how to create one. Let’s jump right in!
Why your site needs a privacy policy
The General Data Protection Regulation (GDPR) went into effect not long ago, and made some changes that affect just about every website owner. In fact, if any of your site’s visitors are from the EU, you’ll need to be sure you comply with the GDPR’s rules.
We’ve described how the GDPR works at length elsewhere, so we won’t repeat ourselves here. Suffice it to say that this regulation introduces new rules regarding privacy and transparency online. All your website’s visitors now have the right to know what data you’re collecting about them and how it’s used, and even to have their information deleted.
There are a number of ways you can make your site GDPR-compliant. However, perhaps the most important step is putting together a clear WordPress privacy policy:
This is how you’ll inform visitors about all the key information they need to know. While it may take a little effort on your part to get your policy just right, the basic steps involved aren’t difficult.
How to create a website privacy policy in WordPress (in 3 steps)
With that out of the way, let’s get to work!
Step 1: Create a new page for your privacy policy
Until recently, you had to build a WordPress privacy policy completely from scratch. In fact, you can still do that – simply create a new page and start writing. However, WordPress now offers a feature to help you get started, which we highly recommend you check out.
As long as your site is updated to the most recent version (which it should be!), you’ll find this option under Settings > Privacy:
Here, you can select an existing page to designate as your privacy policy. This can be useful if you already have a policy in place that just needs to be updated. However, you’ll most likely want to start by selecting Create New Page.
This will take you straight to the WordPress editor you’re familiar with, where you can start adding content to the page. It will have some headings and information already included:
This can serve as the template for your privacy policy. All you have to do is fill in the blanks.
Step 2: Add in your website-specific information
If you look through the template WordPress has provided you with, you’ll see a number of sections. This is a useful outline letting you know what type of information you need to explain to your visitors.
A few of the sections already have some text filled in. This describes data that all WordPress sites gather by default, as well as how long it’s stored, and similar details.
You’ll likely want to leave all of this as-is. However, it’s worth reading through to see if any of the functionality described is altered on your specific site (for example, due to a change you’ve made to the settings, an installed plugin, or some custom code):
After familiarizing yourself with what’s already there, you’ll want to go through each section of the template.
When adding information, it’s best to provide as much detail as you can. There’s a WordPress privacy policy guide that can help you fill in some of the gaps, which is linked to at the top of the page. It even provides some suggested text you can use. You’ll likely also want to refer to the GDPR guidelines themselves, and to the legal advice we mentioned earlier.
What to include in your privacy policy
While this isn’t an exhaustive list, here are some of the points you’ll need to make sure are covered in your WordPress privacy policy:
- What kind of data your site collects from visitors (names, email addresses, payment details, etc).
- What features or elements of your site gather data (such as contact and opt-in forms, social media buttons, and comments sections).
- Why you collect this data and what the data is used for in a general sense.
- How the data is stored (and for how long it’s stored).
- Who the data is shared with, such as external parties like cloud storage services and payment processors.
- How you protect the data, including what procedures are in place to keep it safe and to respond quickly in the event of a breach.
- What rights visitors have over their data. This should include the right to know all of the above, to ask for a copy of their data, and to request that it’s deleted at any time.
This may seem like a lot, but it’s best to be comprehensive. While it’s true that most people aren’t likely to read through the whole thing, you’ll want to be able to prove (if needed) that you’ve made all this information available and easily accessible.
Finally, don’t make the mistake of leaving something out of your privacy policy because it seems obvious. Even if it would be hard for a visitor to mistake that your email opt-in form clearly collects names and emails, you still need to clarify the facts in a permanent format.
Step 3: Display your WordPress privacy policy on your site
Once you’re happy with your new privacy policy, you need to make it available to your website’s visitors. Publishing the page will make it live, but that isn’t enough. People shouldn’t have to go hunting for this information – it should be easy to access.
The best way to do this is usually to display a link to your policy on every page of your site. Most people will add this to their sites’ footers. However, you can use a sidebar or even your main navigation menu if you want to ensure that it’s as visible as possible.
For example, you could open up Appearance > Widgets in your dashboard, drag a new Text widget into your theme’s footer, and include a simple text prompt and link:
Another way to add your privacy policy is via the free Orbit Fox plugin, which includes a built-in module to help you add a privacy policy notice as a dismissable bar that appears on the bottom of your site:
Here’s an example of what that bar looks like:
Finally, it’s not a bad idea to also include a link to your WordPress privacy policy in places where you deliberately collect user data. This can include on your forms, sign-up pages, and/or payment screens.
With that, your WordPress privacy policy is up and running! Just remember that it should be a living document. Every time you make a significant change to your site, such as adding a new form or installing a plugin, make sure to update your policy as relevant. The same applies to any major WordPress updates, since they may introduce changes to the way your site gathers data behind the scenes.
Conclusion
A simple but comprehensive privacy policy can do a lot of things for your website. It helps to ensure compliance with the GDPR and similar regulations (such as the Cookie Law). Plus, it provides peace of mind for your visitors, since they’ll know exactly what kind of details you’re gathering from them and how you’re using that data.
In order to create a WordPress privacy policy, all you have to do is follow these three steps:
- Create a new page for your privacy policy.
- Add in your website-specific information.
- Display your WordPress privacy policy on your site.
Alternatively, you can also use a privacy policy generator.
Do you have any questions about how to write up your privacy policy? We’re not legal experts, but we’ll do our best to help in the comments section below!
Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!