GDPR-compliant privacy policy

11/11/2024
Florian Kassel

A privacy policy is mandatory for website operators. But what must it actually contain to fulfil the legal requirements? A privacy policy generator helps you to generate this document. A free GDPR generator can correctly integrate the privacy policy into your website.

Create GDPR online - mandatory for almost all websites

Every website that is not privately operated must have a GDPR privacy policy online. Similar to the legal notice, this privacy policy must contain certain information in order to be safe from warnings and fines.

The following websites require a GDPR privacy policy:

  • Company websites
  • Blogs that are not purely for private use
  • Online shops
  • Websites for advertising purposes
  • News portals

Requirements for the GDPR privacy policy

The aim of the GDPR is to ensure that all visitors and users are informed in detail about everything that happens on your website. Everything about data collection, transmission and processing must be included, as well as the use of personal data (e.g. name, address, email address, IP address), the use of cookies, social media plugins, Google Analytics and other services.

The privacy policy must be easily accessible to users from every page and always be up to date. If this is not the case, there is a risk of warnings, claims for damages and fines of up to 20 million euros. The legal notice and privacy policy must be listed separately. A good place for both documents is the footer on the homepage or the sidebar. The privacy policy must also be easy to read.

This belongs in the privacy policy according to GDPR:

  • Controller with contact details for the privacy policy
  • Purpose and legal basis of data processing
  • Duration of the storage of personal data
  • Information about the rights that exist under the GDPR (e.g. the right to information, correction of incorrect data, deletion, objection, and the right to data disclosure and portability)
  • Information and notes on the storage of ‘server log files’ (e.g. website visited, time, amount of data sent in bytes, browser used, operating system and IP address)
  • Information about the setting of cookies (e.g. what type of cookies, reason for use, use of tools and services, duration of storage)
  • An English translation of the privacy policy if your website is written in English, you sell abroad or an international telephone number is given as a contact

Data protection officers: Not every website needs a data protection officer. One is only mandatory for public bodies such as offices and authorities or for companies with more than 10 employees who regularly come into contact with automated data processing within the company. If data is not collected and processed automatically, a data protection officer only becomes mandatory if the number of employees exceeds 20.

Do you use Google Analytics on your website? This analyses user behaviour, length of visit and page views, and collects and evaluates information and personal data. Therefore, you also need information in the privacy policy that your users must agree to. The same also applies if social media plugins are integrated on your website. There must also be corresponding sections in the privacy policy for the newsletter, contact form and SSL encryption.

If the proper privacy policy is missing

These consequences are possible if your website has no privacy policy in accordance with the GDPR, or if the policy does not include all the necessary information.

Warning letter

Competitors as well as consumer protection and competition organisations can issue you with a warning if your website does not have a privacy policy or has an incorrect one. This constitutes a breach of the General Data Protection Regulation (GDPR) and can even be penalised as unfair competition, resulting in hefty claims for damages.

Fines

The fines imposed by the data protection authorities are even worse. Violations can result in fines of up to 20 million euros or 4% of turnover.

Is a template for the privacy policy sufficient?

You can use a template to fulfil all the legal requirements of the privacy policy. However, as these can change regularly and the legal formulations are often not understood correctly, a free privacy policy template is only recommended to a limited extent.

If you are familiar with the legal situation and can adapt the template to current legislation yourself, this is not a problem. For everyone else, we recommend a GDPR-compliant data protection generator that will make the adjustments for you.

Is a free GDPR generator recommended?

You can create a privacy policy in accordance with the GDPR free of charge by using a legally compliant generator. There are several of these on the web. The best generators are those that are always adapted by lawyers to the currently applicable law and sent to you.

A free privacy policy generator is much more secure than a template that you have to regularly adapt yourself. Each privacy policy can be compiled with just a few clicks.

With a good generator, you select the tools and data processing operations available on your website and are then sent a privacy policy that you can easily integrate into your website. This is usually delivered as a PDF or HTML source code.

There are also data protection generators available for a fee. Here you often receive the documents required for your website fully automatically.

Conclusion

With a privacy policy generator, you are on the safe side if you always want to fulfil the current legal requirements for data protection correctly. If you choose a simple, free privacy policy template, it is unfortunately not always complete. Most website operators are also often overwhelmed by the task of updating it in accordance with the current legal situation. If you want to create a free privacy policy in accordance with the GDPR, a privacy policy generator is therefore the better option. It not only saves a lot of time, but also minimises the risk of a warning or high fines.

Written by Florian Kassel, Online Marketing Expert