Privacy policies can be intimidating for small businesses without legal teams or legal counsel, but they don’t have to be.
There are some instances where a lawyer could be useful, depending on:
- Your industry
- The type of audience you target
- How much data you collect, and how it’s processed
- What data privacy legislation your business falls under
- When You MIGHT Need a Lawyer
- Is Termly’s Solution Vetted By Lawyers?
Privacy policies must meet different guidelines and requirements depending on what data privacy laws your business falls under, and it’s likely you fall under multiple as these regulations usually have an extraterritorial scope.
You can learn more about relevant laws by checking out our US data privacy legislation guide and our global data privacy regulations graphic.
|Use our generator if your business:||Consult a lawyer if your business:|
Ultimately, each business should evaluate on a case-by-case basis if they can make their own legally compliant policy or require assistance from a legal professional.
When You MIGHT Need a Lawyer
- Collects very large amounts of personal information: The specific volume depends on multiple factors, like what industry you’re in, so this must be evaluated on an individual basis, but a good rule of thumb is the more complex your data practices, the more likely you’ll need to seek our legal counsel.
- Collects categories of highly protected types of personal information: For example, if you collect sensitive personal information, medical information, data from children, or biometric data, it benefits you to consult a lawyer.
- Targets minors under the age of 18: Businesses that target children or minors must follow stringent legal guidelines, like those outlined by COPPA, and it’s best to consult a lawyer to ensure you’re following all relevant laws and regulations.
This way, you bring the completed document to your solicitor rather than asking them to make it from scratch, which could reduce the time they spend on your privacy compliance and the cost of your legal fees.
For example, according to the US Bureau of Labor Statistics, the mean rate for lawyers in the US is $71.17 per hour.
By comparison, according to the Gov.uk website, the suggested hourly rate for solicitors in the United Kingdom with at least four years of experience is £180, approximately $216.61 USD.
- Managed solution
- Free template
- Do-it-yourself (DIY) approach
Let’s discuss these methods in more detail so you can choose the one that works best for you.
We recommend this solution for:
- Businesses that fall under the California’s CCPA
- Businesses that are subject to the European Union’s GDPR and that do not collect large amounts of personal data (for example, the data of 50,000 people)
- Ecommerce websites that have visitors from California and/or the European Economic Area (EEA)
- Companies that want to increase their privacy literacy
- Businesses that want to build and maintain consumer trust
Our Generator includes questions and sections so businesses can make a policy that complies with all of the following pieces of data privacy legislation:
- UK GDPR
- Amended CCPA
- Virginia CDPA
- Basic blog websites that only collect email addresses to send updates about new posts
- Ecommerce websites or apps that only collect basic information for payment processes
- Small businesses that don’t collect sensitive personal information such as health data or data related to race, ethnicity or gender on large scale.
- Websites that don’t collect any personal information from users or that don’t fall under any data privacy legislation
The benefits of using free templates are undeniable. They cost nothing, complete a lot of the initial writing and formatting for you, and are super easy to use.
- Don’t collect any personal information from your users
- Don’t fall under the jurisdiction of any data privacy legislation
- Only collect minimal amounts of data
If consumers don’t see one, they tend to assume your website is untrustworthy and may choose a competitor over you.
Tell them the truth about your data collection practices, even if they’re nonexistent or basic. Customers will appreciate your transparency, and you’ll foster better relationships with your users.
Don’t collect any personal data? Read this.
For businesses that don’t collect any user data, your website might still place cookies or other trackers on your visitors’ browsers, and cookies contain a unique identification number (cookie ID).
Under regulations like the GDPR, cookie IDs are considered personal information, and you must get explicit user consent before any cookies that aren’t deemed strictly necessary are placed on users’ browsers.
Find out by using our free cookie scanner.
Is Termly’s Solution Vetted By Lawyers?
Yes, all of our website policies and privacy compliance solutions — and even this article — are vetted by our legal team and data privacy experts with certifications from the International Association of Privacy Professionals (IAPP), including all of the following:
- Certified Information Privacy Professional (CIPP)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologists (CIPT)
- Fellow of Information Privacy (FIP)
We’re a small, collaborative team of privacy professionals. Our legal department works with our product developers and engineers to ensure the tools we provide are high quality, reliable, and compliant with data privacy legislation.
But that means we also need to disclaim some liabilities from our plates. Our compliance solutions don’t equate to actual legal advice. Termly Inc. is not a lawyer or law firm. We don’t practice law, provide legal advice, or offer legal representation.
The information, materials, services, comments, and resources we provide are for informational purposes only. As proud as we are of the integrity of our resources, we’re not a substitute for professional legal advice.
For those who collect no user data, only a small amount, or who want to increase their privacy literacy, we recommend trying a free customizable template.
But, for some companies, using a managed solution to build your policy is an excellent way to jump-start the process and save money before asking a lawyer to verify that you’re following all relevant data privacy guidelines set by any laws you fall under.
However, if your company targets children, collects very large amounts of personal data, falls under multiple complex data privacy regulations, or deals with very sensitive personal information, it might be in your best interest to request legal counsel.