GDPR Update 2018

If you are in Europe you will need not just your website but all the data you hold to be GDPR compliant.  This is a big job for any organisation as it changes the way you handle data and how you gain people’s consent to your use of that data and it also significantly enhances the rights of the person who’s data you hold.

There are a huge raft of documents and companies making money out of doing this for you.  Start with getting to understand the requirements.

For the UK:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ (the most important thing for you to look at)

https://www.ncsc.gov.uk/smallbusiness (very useful to help explain security issues)

http://www.cfg.org.uk/resources/Publications/cfg-publications.aspx#GDPRguide (a guide for charities)

Generic, but give you a good quick start:

The 12 Best Privacy Policy Generators Online

Note: a Privacy Policy needs to also have a Cookie Policy (if you have a website), and everything has to be written in as understandable English as possible.

A really straightforward but effective tool for sorting out your cookies is provided by attacat.  You download a tool that clears your cookies in chrome.  Then you browse the desired website clicking on all the pages and when completed, you end up with a list of all the cookies on your website and you can automatically generate a cookie policy based on this.

Depricated

This is a website which automatically generates a privacy policy based on a number of questions.  It does not take cookie law into account, but if you want a framework to start a policy with, it gives you a 2-3 page document which sounds good.

Create Free Privacy Policy.