The ultimate privacy policy checklist

by Osano Staff · posted on April 11, 2022 · 4 min read

Have you ever read through a privacy policy? More likely than not, you’ve seen a link to one in the footer of a website or hastily hit “accept” when asked to approve a pop-up privacy policy. 

As the number of data protection laws increases, it’s essential to craft a privacy policy that is truthful, easy to read, and up-to-date. Our privacy policy checklist shares 10 things you need to include to ensure compliance and elevate your brand’s reputation. 

What is a privacy policy?

You know that building trust with current and potential clients is paramount to building your business. You also understand that collecting data is imperative while building relationships. Privacy policies can help you build trust while achieving compliance with the authorities. 

A privacy policy is a written statement that details which types of personal data you gather from website visitors and customers. It also tells a user how that data is used, managed, and shared with third parties. Personally Identifiable Information (PII) includes a person’s name, email, address, phone number, credit card number, birth date, gender, age, and other types of identifiable information. If you collect one or more pieces of PII, you need a privacy policy. 

Privacy policies aren’t a one-and-done project. States in the US and countries worldwide are adopting more stringent regulations regarding PII, and it’s up to you to stay in compliance. You’re not only responsible for knowing the laws where you’re based — you’re also responsible for correctly implementing them according to a user’s location.  

Increasingly strict laws around the world come with hefty fines. In 2021, Luxembourg’s National Commission for Data Protection fined Amazon $888 million for violating EU data protection laws. Avoid penalties by using this privacy policy checklist to keep your customers in the loop about how you deal with their data. 

Your privacy policy checklist

Before you start Googling “privacy policy example,” know that you should tailor your policy to your specific business. Don’t borrow one from other organizations or copy and paste from a sample privacy policy you found on the internet. You risk non-compliance if the organization you borrow from doesn’t handle data the same way as you.

Are you 100% certain yours is compliant? If not, it’s time for an update. Before you start writing your privacy policy, take the time to understand your data collection practices fully. Once you know how data is collected, stored, and shared, use easy-to-understand language to convey that information to your website visitors. Steer clear of legalese and niche jargon.   


Here are 10 things you should include in every privacy policy:

1. A description of your business

This section should be a simple introduction to the privacy policy. Include your business name, describe your business, and state your intent to explain how you manage users' personal information.

2. The type of personal data you collect

Identify both non-personal and personally-identifying information your website collects. Disclose the use of cookies and let users know about any personal information your site may collect during newsletter signups, sales, or account registration. 

3. How data is used

Do you plan to use personal information for marketing purposes? You’ll need to include a CAN-SPAM notice with opt-out capabilities. 

4. Which third parties, if any, have access to a user’s data

Let the consumer know if you share user data with a third-party source, such as a subsidiary, affiliate, or credit card processing company. If you share a user’s data with a third party, you’re responsible for how they protect that data.

5. Responsibility regarding third-party links

You are responsible for the data your website shares with third-party sites. You are not responsible for the data a user chooses to share when they click a third-party link on your website. Let users know where your responsibility ends. 

6. How you protect their data

Sharing private data is a risk for consumers. If you take security measures to prevent the theft of personal data, build trust by detailing the administrative and technical protections in your privacy policy. 

7. How a person can request to see their data

Include a straightforward path for users to see the data you have collected about them. Describe how they can edit or remove their data independently or request that you edit or remove it.


8. Whether you adhere to “Do Not Track” signals

Let consumers know how your organization responds to actions taken to maintain their privacy, such as the “Do Not Track” web browser settings. 

9. Effective date

Was your data protection strategy updated a week ago or a decade ago? Show full transparency by including the effective date of your current privacy policy. 

10. A plan for communicating updates to the privacy policy

As laws change, policies will, too. Tell consumers how you’ll let them know about future changes to your data management plan.


California, Nevada, Virginia, the EU, the UK, and Australia are just a few states and countries with data privacy laws. Your privacy policy should consider each location to ensure worldwide compliance.

Follow through on your privacy policy with our Consent Management Platform

Achieving global compliance is a full-time job. That’s why Osano created the Consent Management Platform. It’s the most popular cookie consent software globally, trusted by over 750,000 websites.

With the addition of just one line of JavaScript, your website is instantly compliant with the data privacy laws of more than 40 countries. The best news? Osano stays up-to-date on the changing laws and automatically displays and enforces the correct consent requirement based on each website visitor’s geolocation. In case of legal action, data stored on the blockchain ensures cryptographically verifiable proof of user consent. 

Sign up for a demo or a free trial and enjoy the peace of mind that comes with knowing your site is compliant, no matter where your website visitor lives.

About The Author · Osano Staff

The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”