Website Checklist for Data Privacy and Security

• Publish a Privacy Policy
  • Provide your company name and contact details
  • List what personal information you collect
  • State why you collect it (legal basis)
  • Disclose how you collect it (include cookies)
  • Explain what you do with it, and why
  • Describe any third parties that you share or sell the data to
  • Disclose how long you retain it for
  • Explain how users can follow through on their data privacy rights (aka, access, deletion, and correction requests)

• GDPR 🇪🇺
• UK GDPR 🇬🇧
• CCPA 🇺🇲
• CalOPPA 🇺🇲
• CDPA 🇺🇲
• PIPEDA 🇨🇦
• … & more

Termly Solution

• Privacy Policy Generator
• Privacy Policy Template

• Implement Consent Management
  • Auto Blocker: Mechanism to block scripts and cookies from being activated before a user has given informed consent
  • Consent Banner: With proper opt-in or opt-out consent choices depending on applicable laws
  • Cookie Policy: Accurate, up-to-date, and regularly updated
  • Consent Preference Center: So users can change their minds and opt back in or out of your privacy practices
  • DSAR or SAR forms: To provide users with a means for following through on their rights to request to access, correct, or delete their personal data

• GDPR 🇪🇺
• UK GDPR 🇬🇧
• CCPA 🇺🇲
• CDPA 🇺🇲
• LGPD 🇧🇷
• PIPEDA 🇨🇦
• Privacy Act 🇦🇺
• POPIA 🇿🇦
• … & more

Termly Solution

• Consent Management Platform
• Cookie Banner Generator
• Cookie Scanner

• Publish a Cookie Policy
  • Perform a cookie audit on your website to find all cookies or trackers it uses
  • Name and categorize all cookies and trackers, and explain each one
  • If you fall under laws like the GDPR: request opt-in consent for all non-essential cookies, including third-party trackers before placing any on users’ browsers
  • If you fall under laws like the CCPA: – provide a way for consumers to opt out of targeted advertising through things like tracker cookies

• GDPR 🇪🇺
• ePrivacy Directive 🇪🇺
• UK GDPR 🇬🇧
• CCPA 🇺🇲
• CDPA 🇺🇲
• … & more

Termly Solution

• Cookie Policy Generator
• Cookie Policy Template
• Consent Management Platform

• Have a Data Retention Policy
  • Under regulations like the GDPR, you can only store data for as long as necessary to complete the initial purpose stated when you first gathered the data.
  • Create and implement a policy following the applicable laws affecting your business.

• GDPR 🇪🇺
• UK GDPR 🇬🇧
• CCPA 🇺🇲
• … & more

Termly Solution

• Coming soon

• Provide a Data Subject Access Request (DSAR) Form: 
  • Based on applicable laws, provide a process for users to request to…
  • Access the personal information you’ve collected about them
  • Amend or correct the personal information you’ve collected about them
  • Delete the personal information you’ve collected about them
  • Provide them their data in a readily-usable format for transmission to other companies
  • Limit the use or processing of the personal information you’ve collected about them

• GDPR 🇪🇺
• UK GDPR 🇬🇧
• CCPA 🇺🇲
• CDPA 🇺🇲
• LGPD 🇧🇷
• PIPEDA 🇨🇦
• Privacy Act 🇦🇺
• POPIA 🇿🇦
• … & more

Termly Solution

• Consent Management Solution
• DSAR/SAR Template

• Have a “Do Not Sell Or Share My Personal Information” link
  • If you meet the legal threshold of the amended CCPA, you must provide users with two means for following through on their rights, including one of the following methods:
  • Posting a “Do Not Sell or Share My Personal Information” link in the footer of your website
  • Posting a “Limit the Use of My Sensitive Personal Information” link in the footer of your website or;
  • Combining the two links as long as it’s obvious that the link allows them to follow up on their privacy rights

• CCPA 🇺🇲

Termly Solution

• Consent Management Solution

• Have a Data Processing Agreement (DPA)
  • Obligate third-party processors to act solely on your instructions when processing your customers’ data
  • Require third-party entity to protect personal information using strict security requirements following current best practice and all applicable data privacy laws
  • Mandate that processors provide reasonable assistance in complying with your obligations under applicable law
  • Include provisions required when transferring data outside your jurisdiction

• GDPR 🇪🇺
• UK GDPR 🇬🇧
• CCPA 🇺🇲
• CDPA 🇺🇲
• … and more!

Termly Solution

• Coming soon

• Have a Terms and Conditions Agreement
  • This policy protects your business from liabilities, abusive users, and intellectual property theft.
  • Include clauses that limit your liabilities
  • Outline rules of use for posting comments, content, or other communications on your platform
  • Establish your intellectual property rights
  • Set your payment terms
  • Inform users about your dispute resolutions and governing laws
  • Publish disclaimers and disclosures
  • *This policy has many titles, like terms of use, terms of service, website terms, and general conditions.

• Is a business best practice and protects you

Termly Solution

• Terms and Conditions Generator
• Terms and Conditions Template

• Publish Disclosures 
  • These explain (or disclose) important or necessary details to your consumers
  • Affiliate link disclosure
  • Fair use disclosure
  • Shipping and handling disclosure
  • Return policy disclosure
  • Disclosure of payment terms
  • Dispute resolution disclosure
  • Governing laws disclosure

• HIPAA
• Copyright Act
• COPPA

Enforced by groups like

• The FTC
• The CMA

Termly Solution

• Disclaimer Generator
• Disclaimer Template (because these are similar to disclaimers, our tools are combined into one!)

• Publish Disclaimers
  • These remove (or disclaim) liabilities and responsibilities from your plate
  • Limits of Liability or No Responsibility
  • Copyright disclaimer
  • Testimonial disclaimer
  • Views expressed disclaimer
  • Warranty disclaimer
  • Product disclaimer
  • Advice disclaimer — medical, legal, financial, health, etc.
  • Third party disclaimer
  • DMCA Notice

• HIPAA
• Copyright Act
• COPPA

Enforced by groups like

• The FTC
• The CMA

Termly Solution

• Disclaimer Generator
• Disclaimer Template

• Get a Secure Sockets Layer or SSL Certificate
  • This digital certificate authenticates the identity of your website and allows for encryption, keeping the user data you track safer and more secure.

• Use Firewalls
  • Firewalls are a network security system that controls the incoming and outgoing traffic based on security rules, and it establishes barriers between a trusted network and an untrusted network.

• Implement a Proficient Password Policy
  • Implement a business-wide password policy to keep employees trained and accountable, and set guidelines such as password lengths and the types of characters allowed.
  • If your users can create logins, remind them they’re responsible for keeping their password private, and implement complex password requirements.

• Perform Regular Software Updates
  • Update all software your business regularly uses, both internally and externally.
  • Hackers typically find holes in outdated software, which leads to many otherwise avoidable cybersecurity attacks.

• Create a Comprehensive Backup and Recovery Plan
  • Create a protocol for disaster recovery should a cyberattack ever occur.
  • Account for things such as employee negligence and multiple attack vectors, and outline a clear timeline for recovery.

• Invest in Proper Employee Training
  • Perform regular employee training regarding your security practices and protocols to prevent employee negligence from leading to a data breach or cyberattack.
  • Cover topics like phishing scams and password best practices.

• Implement Strict Access Controls
  • Compile a full inventory of all your company’s systems and assets and ensure customer data is only accessible to those with a clear business need. This measure limits your exposure if employee accounts get hacked.

• Publish a Return and Refund Policy
  • While not required by law, if you don’t post a return policy stating otherwise, in some US states, you must provide a full refund in specific situations.
  • In the UK, consumers can change their minds and request a refund for any reason within a specific number of days.

• Set proper customer expectations
• Streamline your customer services

Termly Solution

• Return and Refund Policy Generator
• Return and Refund Policy Template

• Publish a Shipping Policy
  •  Post a shipping policy to inform customers how much shipping might cost, where you ship, and what delivery options are available.
  • While not legally required, this is a necessary policy for any ecommerce business.

• Set proper customer expectations
• Streamline your customer services

Termly Solution

• Shipping Policy Generator
• Shipping Policy Template

• Have an End-use License Agreement
  • If you sell software, you technically are providing users with a temporary license to use it, not to own it.
  •  Create a EULA to explain these ownership rights, state what the license entails, and outline what users can and cannot do with your software.

• EULA Generator
• EULA Template

• Make Your Website Accessible
  •  Make your website accessible to as many types of visitors as possible by achieving Website Content Accessibility Guidelines (WCAG) 2.1 compliance.
  •  Follow the U.S. Department of Health and Human Services (HHS) accessibility training guide.
  • Federal agencies are subject to following Section 508.

• U.S Department of Justice Guidance on Americans with Disabilities Act (ADA)

• Copyright and Trademark Compliance
  • Post a copyright disclaimer in the footer of your website to remind users that you’re retaining ownership over your creative content.
  • Explain what intellectual property rights you’re retaining in a clause in your terms and conditions.
  • Trademark your business’s branding and logos, and explain what rights you’re retaining over those images in a clause in your terms and conditions.
  • Add a Digital Millennium Copyright Act (DMCA) disclosure to your terms and conditions to explain to users how a DMCA notice will be handled, should one occur.

• Copyright Law of the United States (Title 17)
• Digital Millennium Copyright Act (DMCA)
• U.S. Trademark Law

Termly Solution

• Terms and Conditions Generator
• Terms and Conditions Template
• Disclaimer Generator
• Disclaimer Template