Monday, May 28, 2018

Rewriting your Privacy Statement and Cookies Policy

I wrote Privacy Policies - which covered the use of Cookies - for my websites and blogs yonks ago.

Of course, the advent of GDPR has meant that they now ALL need to be updated to become compliant with GDPR.

However what I did not anticipate was that I would be writing and re-writing the Privacy and Cookies Policies over and over again. (For the record the one for this blog needs rewriting again and my latest / most up to date version is on Art Business Info. for Artists - but that needs more work!

That's because although I read the guidance and knew pretty much what I needed to do it took until 24-25th May before most 'well-informed' people published their new Privacy Policies - which means that I now have a huge reservoir of policies to look at to see which work best for me.

The main difference to what I had before and what I need now is that the Policy now needs to be 

  • spelt out systematically 
  • sit under heading(s) which say 'Privacy Statement' and 'Cookies Policy'.

If you haven't even started writing a Privacy Policy 

I've  decided that when it comes to rewriting you can't fail if you reference the Privacy and Cookies Policies of certain leading websites.

Which is why below you can find links to some of those I feel certain will have got it right. Have a read and then decide what works for you.

Information Commissioner's Office

Where better to go than the website of the Regulator?
  • Privacy Notice (over several pages - but an easy read)
  • Cookies Policy - their deeply nerdy goody two shoes approach has every cookie nailed and explained!


Always worth checking out what they are doing on the Gov.UK website - they should be leading from the front! This is Gov.UK's

It's kept very streamlined and simple. very much a recommended read. Here's its take on Google Analytics.

Google Analytics stores information about:
  • the pages you visit on GOV.UK
  • how long you spend on each GOV.UK page
  • how you got to the site
  • what you click on while you’re visiting the site
We do not collect or store your personal information (for example your name or address) so this information can’t be used to identify who you are.
We do not allow Google to use or share our analytics data.
Google Analytics sets the following cookies.
_gaThis helps us count how many people visit GOV.UK by tracking if you’ve visited before2 years
_gidThis helps us count how many people visit GOV.UK by tracking if you’ve visited before24 hours
_gatUsed to manage the rate at which page view requests are made10 minutes

The Royal Family

I just assume they have somebody advising them who knows what they are doing!  Here are the policies for the website - AND their operations more generally, which interestingly artists might find interesting given there is a lot of get out and about and interact with other organisations.

Here are their:
  • Privacy Policy
  • Note in particular the two paragraphs relating to cookies on the Royal Family website and Google Analytics cookies - this is what I call stripped back!

The National Gallery

I thought it worth checking what some of the major art organisations were saying.
  • Privacy Policy - set out in chunks with a separate page for each section
  • Cookies Policy - also chunks - the advantage being you can get straight to the bit you want. They have a complete breakdown of all the cookies - which means you have a good chance of finding the ones you need to list


Every Google product seems to reference the Privacy Policy for the country you are located in.

This is the Google Privacy Policy for the UK - with the link found at the bottom of the Feedburner website which I use for email subscriptions to this blog.

Suzanne Dibble

Suzanne Dibble is the lawyer who has grown the GDPR For Online Entrepreneurs (UK, US, CA, AU) Facebook Group from zero to 35,000+ members since February. It's probably the most sensible GDPR Group around - plus it has lots and lots of videos addressing different aspects. Worth a wade through - but a warning - you will be overwhelmed!  It's targeting small businesses more than sole traders.

You haven't got a hope of copying either of the following for her business website (far too canny for that!) - but they are both definitely worth a read

Here is her:

My recommendation. Think of a website and operation that is very like you - and have a look at what they've got to say.

CAUTION: There is no way of knowing who has got it right. However taking a look at the websites of those who SHOULD be setting an example gives us a good steer towards getting our statements right.

and finally.....

All the messages coming out of ICO suggest that they are very much looking towards helping small businesses rather than fining them.

Don't ignore GDPR - but also don't anguish over whether you've got it all 100% right.  If you got it wrong then all the PR suggests that they will be looking to provide guidance in the first instance

No comments:

Post a Comment

COMMENTS HAVE BEEN SUSPENDED AGAIN due to very silly ignorant people who leave spam comments without realising they have no benefit for them.

Please feel free to comment on my Facebook Page as my blog posts are always posted there (but please note anonymous comments are not published and I block and report spammers to Google and on Facebook)

Note: only a member of this blog may post a comment.