What Is A Privacy Policy And When Do You Need One?

What Is A Privacy Policy And When Do You Need One?

Services List

    Does you business have a privacy policy? It's more than likely that you need one. Here's what it is and how to get one.


    Digital privacy has been a hot topic since the advent of the internet. It’s become especially pertinent since the adoption of the General Data Protection Regulation (GDPR) in the European Union and South Africa’s Protection of Personal Information Act (POPIA) which came into full force July 2020.

    As a business, you may be wondering if you need a privacy policy of your own, how to create one, and how exactly these Acts affect you.

    It may seem daunting but creating your own privacy policy is not as scary as you think. This article will break down what you need to know.

    What is a privacy policy?

    First off, what is it?

    A privacy policy is a document that tells your customers:

    • What data you are gathering from them
    • How this data will be used
    • How this data is stored
    • How long you will keep their data
    • What you are doing to protect their data
    • How they can opt out of their data being used

    Any individual or business that gathers any sort of information from someone, including their name, contact details or online user behaviour needs a privacy policy.

    Why you need one

    Privacy policies are there to protect both you and your user. They are a way to show that you are gathering and storing user data in a legal way. They inform users on what is being done with their data and allows them to either consent or opt out of this arrangement.

    It protects the user against their data being used for illegal activity or unsolicited marketing.

    Many of the third party apps you may use, such as Google Adwords, Google Analytics, and various social media sites may actually require that you have a privacy policy in place.

    And lastly, your customers value their privacy and need to be made aware of how you are storing their data.

    People want to feel secure before providing private information, and a privacy policy is a great way of showing them that you are law abiding and trustworthy, and have procedures in place to handle their personal information with care.

    Even if you don't collect any personal information from users, you should consider creating a Privacy Policy page regardless. Even if all it says is that you don't collect any information.

    How to create a privacy policy

    There are several online templates that you can download and adapt to your own business to use as your own privacy policy.

    Here is one from the POPIA Compliance website that you can read and adapt to use your personal company name and details.

    Here is one from FreePrivacyPolicy.com that prompts you with the fields you need to fill in and then generates your own unique policy.

    Along with your privacy policy, you may want to include a security policy to show just how you are protecting someone’s data.

    This is an outline of the security measures you have taken to safeguard your customer’s data.

    Although these templates cover most of what is required in a privacy policy, you may still want to consult a legal advisor when creating yours.

    Depending on your business, you will want legal counsel on whether you are complying to all POPIA requirements.

    After you’ve created your privacy policy, make sure it is displayed on a visible place on your website. You should always include visible links to your legal agreements across all pages of your websites - even if that's a landing page - so users can review these agreements.

    How the POPIA affects digital marketing

    POPIA has massively affected how digital marketers are allowed to operate.

    Under Section 69 of the Act, you are not allowed to conduct any form of direct marketing unless the subject has expressly given their consent to receive such marketing.

    This includes emails, SMSes and automated calling machines.

    You are only allowed to approach a subject once to obtain such consent. If it is refused, it is refused forever.

    If the subject is a customer of yours, different rules apply. The customer’s contact details must have been acquired in the process of conducting a sale of your product or service and any direct electronic marketing can only relate to your own products or services.

    Your customer MUST be given the option of opting out of this information at any time.

    Expert marketing

    Looking for a media organisation that understands digital marketing and the data management that goes with it? 

    CRM System

    Quick Lists

    Services List


      The Psychology Behind Conversions

      Explore the psychology of CRO in our FREE e-book to boost conversions and profits by understanding customer behaviour and decision-making factors.


      Let us be a part of your success