A Beginners Guide To Website Privacy & GDPR: What Every Business Needs to Know
DISCLAIMER: Please note, I am not a legal professional and this should not be taken as legal advice. You could always consult a legal professional. I am simply a website designer sharing what I know in a way that is easy to understand for beginners.
This post also contains affiliate links which I only share if I have personal experience using the product myself and personally recommend.
Privacy and GDPR - it’s one of those not-so-glamorous topics, but it’s super important. And honestly, it’s often overlooked.
When people ask me about the most common mistakes I see with websites, not worrying about GDPR and privacy laws is right at the top of the list. Making sure your website is compliant is something many business owners skip, but it’s essential.
Before we dive in, a quick disclaimer: I’m not a legal professional. Nothing in this blog is legal advice, and it shouldn’t be taken as such. Always consult a legal professional for guidance.
What I’m sharing here comes from my experience as a web designer. I’m also a GDPR-certified data privacy partner with Termageddon, a privacy policy tool I personally use and love. Through working with them, I’ve learned a lot about privacy and how it connects with websites.
Why should you care about privacy?
As a business owner, it's highly likely that you'll be handling "personal data", aka names, email addresses, payment details, etc. It is therefore your legal responsibility to look after this data properly.
For example, to make sure you keep it secure, that you only collect data that is necessary, and that you always disclose what you plan on doing with that data through a privacy policy. I'm a website designer and about 50% of the websites I audit don't have any form of privacy policy, which breaks my heart because it means you're technically breaking the law (probably unknowingly!).
I think the best place to start is with why should you care? What even is the point in all this? Well here’s the three key reasons why:
It keeps your users and clients safe
When you handle privacy properly, you’re actively protecting the people who trust you with their personal details. That means you’re not asking them for unnecessary information (like phone numbers you’ll never use), and you’re keeping the data they do provide (e.g. email addresses or payment details) secure. In a world where data breaches and online scams are becoming more common, customers want to know that their information is safe in your hands. By being thoughtful about what you collect and how you store it, you’re building trust and showing your clients that their safety and privacy matter to you.
It’s the ethical thing to do
At its core, respecting privacy is about respecting your customers. These are real people who are trusting you with sensitive information and they deserve to know it's being handled with care. You're also giving people a choice: a choice to opt in, a choice to unsubscribe, and it's the right thing to do. Think of it this way: if you wouldn't feel comfortable handing over your personal details to a stranger without knowing exactly how they'd be used, then it's not fair to expect your customers to do the same with you. By treating privacy as a moral obligation rather than just a box to tick, you position your business as one that values honesty, integrity, and respect.
It keeps you safe.
Privacy laws aren't just guidelines, they're a legal requirement in many places. Here in the UK the rules are the UK GDPR and the Data Protection Act 2018, across the EU it's the GDPR, and similar privacy laws exist all over the world. (The cookie rules covered later in this post actually come from a separate law, PECR in the UK and the ePrivacy Directive in the EU, but they borrow GDPR's definition of what counts as consent.)
That means these things are enforceable, and ignoring them can put you at real risk. Fines for non-compliance are more common than many business owners realise, and even a small oversight (like not having a privacy policy or automatically subscribing people to your email list) can land you in hot water. By putting the right policies and practices in place from the start, you’re protecting yourself from costly mistakes and giving your business a safety net if you’re ever audited or challenged on your data practices. Think of it as insurance - you hope you’ll never need it, but you’ll be grateful it’s there if you do.
The General Privacy Guidelines You Need To Know
You’re already doing amazingly by reading this blog post but I would of course recommend spending a couple of hours getting clued up on privacy laws in your country and understand how to properly look after people’s data. But let me start off by sharing the basics that I think it’s super important for you to know.
Here are some of the key concepts you need to understand about privacy:
1. Only collect the information you truly need
For example, don’t ask for a phone number on your contact form if you never intend to use it. I don’t use phone numbers in my process - I work via email and online calls - so I don’t ask for them. The less unnecessary data you collect, the better.
2. Keep the data you collect secure
This includes the simple things you probably know already: use strong, unique passwords (a password manager helps), turn on two-factor authentication on your website login and all your marketing tools, serve your site over HTTPS, keep your platform and plugins updated, only give admin access to people who actually need it, and don't leave sensitive information open in public places (like on a shared screen in a coworking space).
3. Be transparent with your users
People have the right to know what you’re doing with their data. If you collect an email address for marketing, you need to be upfront about how you’ll use it. This is where privacy policies come in. Check out the section below to learn more about them.
What is a privacy policy?
A privacy policy is a legally required document if your website collects any personal data, and almost every website does (a contact form, an email sign-up, even analytics or server logs that record IP addresses). It explains:
What data you collect
How you use it, and the legal basis you rely on for doing so
How you store it (and for how long)
Which third parties you share it with
What rights people have over their data (to access, correct or delete it) and how to contact you about it
And yes, even if you think you're not sharing data with anyone else, you probably are. For example, if you collect email addresses, your email marketing platform (like MailerLite, ConvertKit, or Mailchimp) is storing and processing them on your behalf. The same goes for platforms like Squarespace or WordPress forms, which is why these tools need to be listed in your policy.
Your privacy policy must also be easy to find. If you have a contact form, include a link to your policy right there, with a note like:
“By submitting this form, you agree that your data will be processed in line with our Privacy Policy.”
What are Terms & Conditions?
Unlike a privacy policy, terms and conditions aren’t always legally required, but they’re still very important.
They set out the “rules” for using your website, such as:
Users can’t copy your content and claim it as their own.
Offensive comments won’t be tolerated (if you allow comments).
You aren’t responsible if someone clicks a third-party link from your site and runs into problems like viruses.
If you sell products or services online, your terms and conditions should also cover things like refund policies, delivery information, and payment terms.
This page doesn’t need to be fancy - just a link in your website footer is enough. But it’s a smart way to protect both you and your users.
What are cookies?
Cookies often feel like the mystery of the internet. Most people don’t really know what they are, but we’ve all clicked “I accept” on those little banners that pop up, so, let’s break it down, starting with: what are cookies?
Cookies are small pieces of data that a website stores on your computer or phone to remember information about your visit. They're genuinely useful. For example:
Holding your session ID so you stay logged in as you move between pages (the cookie holds a random identifier, not your password).
Keeping items in your basket when you're shopping online.
Remembering the choice you made in the cookie banner, so you're not asked again on every page.
In short, cookies are good for users because they make websites work the way they should, and they can be good for website owners because (with consent) they provide useful information about how people interact with your site.
Essential vs. non-essential cookies
Not all cookies are created equal.
Essential cookies are required for the website to function (like remembering a cart or keeping you logged in). Users don't need to consent to these, though you still have to tell them about them in your cookie policy.
Non-essential cookies are optional, and users must give consent for these to be used. Examples include advertising cookies (like a Facebook pixel) and analytics cookies (like Google Analytics).
It's important to note that consent for non-essential cookies must be opt-in, not opt-out. In other words, you can't assume someone agrees - you need them to actively say yes. Pre-ticked boxes, or treating "continuing to browse" as agreement, don't count. Until they've given consent, your website shouldn't be using those cookies.
What is a cookie banner?
A cookie banner is the pop-up that lets users know your website is using cookies and gives them the option to accept or decline. To be compliant, banners must allow people to choose - they can't just inform users that cookies are in use without giving them control, and regulators expect rejecting to be as easy as accepting (a "reject" button next to "accept", not buried in a settings page).
Many website platforms, like Squarespace or WordPress, include built-in cookie banners. But here's the catch: the banner only controls what it's wired up to. Third-party scripts you've pasted into your site (like a Facebook pixel, a YouTube embed, or Google Analytics) will set their cookies the moment the page loads unless the banner is set up to block them until someone clicks accept. So don't assume the default banner is enough. A quick check: open your site in a private browser window, don't click anything on the banner, and look at the cookies listed in the browser's developer tools - if analytics or advertising cookies are already there, the banner isn't doing its job.
What is a cookie policy?
Just like you need a privacy policy to explain how you collect and use data, you also need a cookie policy to explain how your website uses cookies. While your cookie banner gives users the option to accept or decline, the cookie policy is the document that spells out all the details.
A cookie policy should explain:
What cookies are (in simple terms)
What types of cookies your site uses (essential vs. non-essential)
Why you use them (e.g. to remember login details, track analytics, or run ads)
Which third parties may place cookies on your site (like Facebook, YouTube, or Google)
How users can manage or withdraw consent (for example, through a link that reopens the banner, or through their browser settings) - withdrawing consent must be as easy as giving it
Your cookie policy should be linked in your website footer alongside your privacy policy and terms & conditions, and it should also be easily accessible from your cookie banner.
The best way to stay compliant with cookies
To cover both essential and third-party cookies, I recommend using a proper cookie consent tool like Termageddon or Usercentrics. These tools block non-essential cookies until a user gives consent. One caveat: no tool makes you "100% compliant" on its own - you still have to tell it which of your scripts are non-essential, and check that nothing on the page bypasses it.
I personally use Termageddon for my privacy policy, terms & conditions, cookie policy, and cookie consent tool. It keeps everything in one place and automatically updates when laws change. If you’d like to try it, you can use the code FREYA for 10% off your first year. (That’s an affiliate link, but I only recommend it because I use and love it myself.)
The key takeaway with cookies is this: don’t assume it’s okay to use them. Always double-check whether the tools you connect to your website use cookies, and make sure you have a proper consent system in place. A third-party tool will save you the stress and keep you compliant.
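To make the opt-in rule concrete, here is an added example of the kind of gate a consent tool puts in front of third-party scripts. It is written for this post and is not code from the original article, from Termageddon or from any other vendor. The cookie name `cookie_consent`, the six-month lifetime, the script catalogue and the banner button ids `accept-all` / `reject-all` are all assumptions for the example; the measurement ID is a placeholder. Anything other than an explicit "yes" is treated as "no", which is what opt-in (rather than opt-out) means in practice.

```javascript
// Added example (not from the original post, and not any vendor's consent tool):
// an opt-in gate that keeps non-essential third-party scripts off the page until
// the visitor has said yes. Assumed names: the "cookie_consent" cookie, the script
// catalogue below, and the banner button ids "accept-all" / "reject-all".

const CONSENT_COOKIE = "cookie_consent";      // assumed name; storing the choice is itself essential
const CONSENT_MAX_AGE = 180 * 24 * 60 * 60;   // assumed lifetime: ask again after about six months

// Constructed catalogue: each non-essential script and the category it needs consent for.
// The measurement ID is a placeholder, not a real one.
const SCRIPTS = [
  { id: "ga4",      category: "analytics",   src: "https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX" },
  { id: "fb-pixel", category: "advertising", src: "https://connect.facebook.net/en_US/fbevents.js" },
];

const NO_CONSENT = Object.freeze({ analytics: false, advertising: false });

// Read the stored choice from a document.cookie string. Missing, malformed, or
// anything other than an explicit `true` means "not consented" (opt-in, never opt-out).
function parseConsent(cookieString) {
  const entry = String(cookieString || "")
    .split(/;\s*/)
    .find((c) => c.startsWith(CONSENT_COOKIE + "="));
  if (!entry) return { ...NO_CONSENT };
  try {
    const v = JSON.parse(decodeURIComponent(entry.slice(CONSENT_COOKIE.length + 1)));
    return { analytics: v.analytics === true, advertising: v.advertising === true };
  } catch {
    return { ...NO_CONSENT };                 // tampered or stale value: treat as no consent
  }
}

// Pure decision: which catalogue entries may load under this consent state.
function allowedScripts(consent, scripts = SCRIPTS) {
  return scripts.filter((s) => consent[s.category] === true).map((s) => s.id);
}

// Serialise a choice as a document.cookie assignment. A rejection is stored too, so the
// banner is not shown again. Secure + SameSite=Lax keeps the cookie first-party and HTTPS-only.
function serializeConsent(choice, now = Date.now()) {
  const value = {
    analytics: choice.analytics === true,
    advertising: choice.advertising === true,
    ts: now,                                  // when the choice was made, for your records
  };
  return `${CONSENT_COOKIE}=${encodeURIComponent(JSON.stringify(value))}` +
    `; Max-Age=${CONSENT_MAX_AGE}; Path=/; SameSite=Lax; Secure`;
}

// Browser side: inject only the permitted scripts. The <script> tags must NOT be in the
// HTML already; if they are, they run before the visitor has chosen anything.
function applyConsent(doc) {
  const consent = parseConsent(doc.cookie);
  for (const id of allowedScripts(consent)) {
    if (doc.getElementById("consent-" + id)) continue;   // already injected on this page
    const meta = SCRIPTS.find((s) => s.id === id);
    const el = doc.createElement("script");
    el.id = "consent-" + id;
    el.src = meta.src;
    el.async = true;
    doc.head.appendChild(el);
  }
  return consent;
}

// Store a new choice. A script that is already running cannot be unloaded, so if any
// category was withdrawn the page is reloaded and the gate applies from scratch.
function recordChoice(doc, choice) {
  const before = parseConsent(doc.cookie);
  doc.cookie = serializeConsent(choice);
  const withdrawn = allowedScripts(before).some((id) => !allowedScripts(choice).includes(id));
  if (withdrawn) {
    doc.location.reload();
    return parseConsent(doc.cookie);
  }
  return applyConsent(doc);
}

if (typeof document !== "undefined") {       // skipped when run outside a browser
  applyConsent(document);
  document.getElementById("accept-all")?.addEventListener("click", () =>
    recordChoice(document, { analytics: true, advertising: true }));
  document.getElementById("reject-all")?.addEventListener("click", () =>
    recordChoice(document, { analytics: false, advertising: false }));
}
```

The important design point is the default: `parseConsent` returns "no" for a missing, garbled or non-boolean value, so a visitor who never touches the banner gets no analytics or advertising cookies at all. Note that the `Secure` attribute means the consent cookie will only be stored over HTTPS, which your site should be using anyway.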
Where do you get these policies?
So now you know why you need a privacy policy/terms & conditions/cookie policy - but where the hell do you get them?
There are a few different options:
Termageddon
I can highly recommend Termageddon as the go-to place for privacy policies, cookie policies and terms & conditions for your website. I use them myself and they're amazing because your policies automatically update as laws change across the world. You fill in a form once, and your policies are good to go. You can check out the privacy policy tool here* and if you use the code FREYA at checkout, you can get 20% off your first year*.
Template Shops
Template shops are another great source of the policies you need, for example Lucy Legal. They offer one-off templates you can purchase one time and add to your website. Just be aware that templates usually don’t update if the laws change - you’ll need to keep track of that yourself.
A Legal Professional
Working with a legal professional is the most tailored (but also the most expensive) option. You’ll get policies written specifically for your business and the way you use data but I also appreciate this isn’t feasible for lots of business owners. Particularly as the way you use data will change over time e.g. as you change email marketing providers or introduce new tools into your business. That’s why I personally use the tool Termageddon mentioned above.
Privacy & Email Marketing: What You Need To Know
One of the biggest ways privacy connects to your website is through email marketing. Building an email list is incredibly valuable, but you need to be careful about how you handle people’s data.
If you’re offering a freebie in exchange for someone’s email address, you must make it abundantly clear that they’re also subscribing to your email list. Simply saying “Download this freebie” without mentioning that they’ll be added to your list could be a legal breach.
Always add clear wording such as:
“By downloading this free resource, you agree to be added to my email list. You can unsubscribe at any time.”
Other key points to remember:
Make sure people can unsubscribe easily.
Don’t send marketing emails directly from your Gmail or Outlook - you need an email marketing platform with built-in unsubscribe links.
Never automatically subscribe people. Filling in a contact form does not equal consent for marketing emails. You need a specific opt-in box on your contact form, unticked by default, so people can actively choose to receive email marketing from you. Keep a record of when and how each person opted in (your email platform usually stores this for you) so you can show it if you're ever asked.
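As an added example of what "a contact form submission is not marketing consent" looks like on the receiving end, here is a small server-side handler for a contact form with a separate, unticked marketing checkbox. It is written for this post, not taken from the original article or from any email platform. The field names (`email`, `message`, `marketing_opt_in`), the wording shown next to the checkbox, and the in-memory ledger standing in for a database are all assumptions.

```javascript
// Added example (not from the original post): server-side handling of a contact form
// with a separate, unticked marketing checkbox. Field names, the checkbox wording and
// the in-memory "ledger" (a stand-in for your database) are assumptions.

// The exact sentence shown beside the checkbox, versioned so you can later prove
// what the person actually agreed to (assumed wording).
const CONSENT_TEXT = {
  version: "2024-01",
  text: "Yes, add me to the email list. I can unsubscribe at any time.",
};

const consentLedger = [];   // stand-in for a database table of consent records

// Work out what this submission permits. Browsers only send a checkbox field when it
// is ticked (value "on" unless you set one), so an absent field is a "no". Nothing
// about the enquiry itself implies consent to marketing.
function processContactForm(fields, now = new Date()) {
  if (!fields.email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email)) {
    throw new Error("a valid email address is needed to reply to the enquiry");
  }
  const optedIn = fields.marketing_opt_in === "on";
  const result = {
    replyTo: fields.email,
    message: String(fields.message || ""),
    subscribe: optedIn,          // the ONLY thing that may add them to a marketing list
  };
  if (optedIn) {
    consentLedger.push({
      email: fields.email,
      grantedAt: now.toISOString(),
      source: "website contact form",
      wordingVersion: CONSENT_TEXT.version,
      wording: CONSENT_TEXT.text,
    });
  }
  return result;
}

// Withdrawal (an unsubscribe click): mark the record rather than deleting it, so you
// can show when consent stopped as well as when it started.
function withdrawConsent(email, now = new Date()) {
  const rec = consentLedger.find((r) => r.email === email && !r.withdrawnAt);
  if (!rec) return false;
  rec.withdrawnAt = now.toISOString();
  return true;
}

// Ask this before every marketing send, not just at sign-up time.
function hasMarketingConsent(email) {
  return consentLedger.some((r) => r.email === email && !r.withdrawnAt);
}
```

The ledger entry is what lets you answer "when did this person agree, and to what?" if a complaint or audit ever comes in; a bare "subscribed" flag in your email tool cannot answer that on its own.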
Summary
Privacy might not be the most exciting part of running an online business, but it’s one of the most important. From protecting your clients, to protecting yourself, to simply doing the right thing - it all comes down to being responsible with the data you’re trusted with. Getting the right policies in place, collecting only what you need, and being transparent about how you use it will set your business up for long-term trust and success.
This is just one of the many topics I cover inside my DIY Website Club, where I help business owners like you build websites that not only look good, but also work - professionally, legally, and strategically. If you want to feel confident that your website is both beautiful and compliant, the DIY Website Club is the perfect place to start. Click here to find out more about the membership and let’s get your website in shape.