Data Privacy Policy: What It Is and How To Create One

Data Privacy Policy: What It Is and How To Create One

A data privacy policy helps companies comply with privacy laws while setting expectations for website visitors about their data usage.
Out of the adults Statista surveyed worldwide, 66% of respondents agreed that they felt tech companies control their personal data. Surveyed consumers based in the United States, United Kingdom, and Spain expressed more concern about their personal data when compared to respondents based in Europe and Asia. In response to increasing privacy awareness, companies need to assure consumers of their privacy rights with an accessible and digestible data privacy policy. Let’s take a closer look at what a data privacy policy is and why businesses need to have one on their websites.

What Is a Data Privacy Policy?

A data privacy policy is a public declaration about what data may be collected from visitors and how these may be used by the company, its affiliates, and external technologies like analytics or advertising tools. The policy also lays out how the company maintains, discloses, and protects visitors’ data. Some companies choose to create their own delivery channels for their data policies, like Treasure Data’s Privacy Hub.

Data privacy policies are mandated by privacy laws, including the General Data Protection Regulation (GDPR) for the EU, California Online Privacy Protection Act (CalOPPA), the Delaware Online Privacy and Protection Act (DOPPA), and the Children’s Online Privacy Protection Act (COPPA), among others. Non-compliance puts companies at risk of penalties and fines amounting to thousands of dollars per violation.

Data privacy policies are important not only for compliance but also serve as legal documents on a website that sets expectations for site visitors. Therefore, privacy policies should be accessible to visitors regardless of where they are on a company’s website.

How To Create a Data Privacy Policy

Companies need to think about three main things when creating a data privacy policy:

  1. What details to include
  2. Where to put it on the website
  3. How to make sure visitors read it

Policy Details

Data privacy policies need to include important details, like:

  • Company information, including legal name, headquarters or mailing address, contact number, and email.
  • The types of data collected from consumers, including personal identifying information (PII), demographic data, technical information, and website activity.
  • How visitor data is collected, e.g., through direct interaction, third-party sources, external technologies, or user contributions from website activities like account logins.
  • What the company intends to do with visitor data, e.g., advertising initiatives,  personalized browsing experience, targeted marketing.
  • Visitors’ privacy rights under applicable laws within a specific jurisdiction.
  • People or parties with whom the company may share visitor data, e.g., company affiliates and subsidiaries, business suppliers, advertisers, and third-party buyers.
  • Visitors’ options about what data may be collected and how these may be used.
  • Implications of cross-border data transfer.
  • Company policies on data security, retention, and deletion.
  • Changes to the company’s data privacy policy.

Requirements for every mandated data privacy policy will vary according to specific jurisdictions and applicable laws. However, companies may start with the above list and modify it as necessary to comply with current laws.

Get Treasure Data blogs, news, use cases, and platform capabilities.

Thank you for subscribing to our blog!


Another important consideration is where to locate the data privacy policy on the company website. Typically, a dedicated page houses the entirety of the policy document with important details, such as business contact information and the user agreement.

The data privacy policy must be linked to the website homepage and on every webpage. Many companies display a link at the footer of the website. Others use a pop-up to notify visitors of the company’s privacy policy before they can access the site.

Companies must obtain visitors’ consent before collecting data. While some websites require visitors to confirm their agreement, others imply user acceptance through continued use of the site. Make sure to check applicable privacy laws and comply with regulatory requirements for user consent.


The last consideration is how to make the policy appealing to readers. Here are a few tips to encourage users to read the policy:

  • Use plain words and avoid unnecessary jargon.
  • Place important details at the beginning of the document.
  • Break up large blocks of text.
  • Include a hyperlinked and/or bookmarked table of contents.
  • Outline visitors’ choices regarding personal data, like opt-outs.
  • Communicate updates to the data privacy policy.
  • Be transparent about how your company uses visitor data.

In summary, a data privacy policy informs website visitors and consumers how a company collects, uses, and shares data. Companies need to provide this policy to comply with privacy laws and set visitors’ expectations about how their privacy rights are being protected. A data privacy policy needs to include important details, like what data points are collected, how users’ personal data are used, and applicable privacy rights, as well as visitors’ options regarding their personal information. Data privacy policies must be accessible from every website page and designed to be reader-friendly to engage website visitors.

Uphold Data Privacy Policy With Treasure Data

Here at Treasure Data, we take data privacy seriously. Our enterprise customer data platform keeps data secure while delivering the best data privacy solutions for your company’s needs. It’s no secret: we keep data safe for some of the largest companies in the world and help them live up to their data privacy policy.

Check out what you can do with Treasure Data:

  • Collect and centralize customer data from all sources
  • Unify customer profiles using online + offline data
  • Keep customers’ personally identifiable information (PII) safe
  • Keep global teams privacy-regulation compliant
  • Manage permissions by region, organization, role, and more
  • Integrate with authentication services for secure identification
  • Create premium audit logs for monitoring activity
  • And more

Treasure Data Customer Data Cloud is an integrated suite of cloud-based customer data platform solutions. Treasure Data provides insight by collecting and centralizing customer data, unifying profiles, and analyzing journeys to surface hidden trends in customer behavior.

To learn more about how you can uphold your data privacy policy with Treasure Data’s customer data platform, consult an expert today. Want to learn more? Request a demo, call 1.866.899.5386, or contact us for more information.

Jim Skeffington
Jim Skeffington
Jim Skeffington is a Technical Product Marketing Manager at Treasure Data. He has years of experience working with data, including as a financial analyst, data architect, and statistician. Recently, he was recognized by the Royal Statistical Society for his thought leadership in the fields of statistics, data science, and data research. He is also proud to serve as a Captain in the United States Marine Corps.
Related Posts