When we call ourselves your all-in-one compliance solution, we mean it.
Our legal team and data privacy experts created our Policy Generators and Consent Management Platform to help small to medium-sized businesses around the globe comply with legislation like the:
And that’s just the tip of the iceberg.
In just a few clicks, you can configure our Consent Management Platform to follow regulations in over 80 regions.
Read on to learn about every data privacy law, regulation, and piece of legislation that Termly covers.
What Services Does Termly Offer?
We provide customizable and personalized legal agreements, website policies, and other documents necessary for businesses to operate safely and legally online.
Our main expertise is in privacy compliance, but we also offer recommended documents like terms and conditions, return policies, and shipping policies to help improve your internal procedures and streamline customer services.
The table below shows a complete list of our current offerings.
| Policy Generators | Free Templates | Consent Management |
| Privacy Policy Generator | Privacy Policy Template | Consent Management Platform |
| Terms and Conditions Generator | Terms and Conditions Template | Cookie Banners |
| Cookie Policy Generator | Cookie Policy Template | Cookie Scanner |
| End-user License Agreement Generator | End-use License Agreement Template | Cookie Consent Manager |
| Disclaimer Generator | Disclaimer Template | Data Subject Access Request (DSAR) Forms |
| Shipping Policy Generator | Shipping Policy Template | |
| Return Policy Generator | Return Policy Template | |
| Acceptable Use Policy Generator | Acceptable Use Policy Template | |
| Data Processing Agreement Generator* | Data Processing Agreement Template* |
*Coming soon
Despite how common most of these documents are, they’re still challenging to make and take up a lot of precious time, resources, and energy — especially if you fall under the jurisdiction of different data privacy or consumer protection laws.
To remove those burdens from your plate, we created easy-to-use, accessible, and legally compliant tools and policy generators so you can make effective policies quickly and affordably.
Which Laws Does Termly Cover?
You can use our privacy policy generator to comply with all of the following data privacy legislation:
- General Data Protection Regulation (GDPR)
- UK GDPR
- ePrivacy Directive (EU Cookie Law)
- Amended California Consumer Privacy Act (CCPA)
- California Online Privacy Protection Act (CalOPPA)
- Virginia Consumer Data Protection Act (CDPA)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
You can configure our consent management solution to comply with regulations in these regions:
- United States
- European Union
- Argentina
- Australia
- Brazil
- Canada
- Chile
- China
- Colombia
- Czech Republic
- Hong Kong
- India
- Japan
- Kazakhstan
- Malaysia
- Mexico
- Morocco
- New Zealand
- Nigeria
- Philippines
- Singapore
- South Africa
- South Korea
- Switzerland
- Taiwan
- Turkey
- United Kingdom
Both of these lists constantly evolve because we update our compliance solutions whenever laws change or if new ones come into force — we mention a few regulations and developments we’re already preparing for later in this article.
Not Legally Required
Agreements like your terms and conditions, return policy, and shipping policy technically aren’t required by any pieces of legislation. But using them is a best practice that helps protect your company and creates a better overall user experience for your consumers.
We built our tools to help you comply with consumer protection laws enforced by groups like the:
Policy Generators
In the next sections, we briefly summarize how some of the laws mentioned above apply to our policy generators.
General Data Protection Regulation (GDPR)
Where It Applies
The GDPR originates from the European Union (EU) and protects the rights of citizens in the EU and the European Economic Area (EEA), but it has an extraterritorial scope and covers businesses outside of traditional territorial boundaries.
What It Effects
| What the GDPR Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You’re obligated to inform consumers about:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. | Consent Management Platform |
| Cookie Policy | Cookies and other trackers qualify as personal information under the GDPR. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, put a privacy clause in your EULA with a link to your privacy policy to adequately inform consumers about your privacy practices | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the GDPR, which can be achieved using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | You must inform consumers about your privacy practices, which should be outlined in a privacy clause in your terms, and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
GDPR applies to any organization that collects, processes, or stores the personal data of individuals located in the European Union, Island, Norway, Lichtenstein or Switzerland(EU), regardless of where the organization is located. This includes businesses, non-profits, and government agencies, whether they are based within or outside the EU.
Additionally, data processors that handle personal data on behalf of organizations that are subject to GDPR must also comply with its regulations
Effective Date
Approved in 2016, in force since May 25, 2018
Description
Known as the world’s strictest data privacy regulation, the GDPR has a global impact and requires businesses that collect personal information from EU and EEA users to:
- Establish lawfull basis for data processing before any data collection beings
- Give users a way to opt-out of consent at any time
- Provide a means for users to follow through on their rights to amend, correct, access, or delete their personal information
- Inform consumers about data collection practices using a GDPR-compliant privacy policy
- Create contacts or DPAs with any third party entities that have access to user data
ePrivacy Directive (EU Cookie Law)
Where It Applies
The EU Cookie Law Originates from the EU and protects the rights of EU citizens. Because this is a directive, it requires Member States to achieve specific results without explicitly saying how, allowing each location to attain the goals in unique ways.
| What the ePrivacy Directive Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must include details about your use of cookies or other trackers in your privacy policy because they qualify as personal information. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Businesses under this directive must obtain consent from consumers before placing cookies or other trackers on their browsers. | Consent Management Platform |
| Cookie Policy | Consumers have the right to be informed, so you must provide an accurate cookie policy. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, include a cookie clause in your EULA with a live link to your cookie policy to avoid fines for noncompliance. | EULA Generator and EULA Template |
| Terms and Conditions Agreement | It’s a best practice to add a cookie clause to your terms with a live link to your cookie policy to avoid noncompliance under this regulation. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
Any website with visitors from the EU that uses cookies or other tracking technology falls under the EU Cookie Law.
Effective Date
May 2011
Description
The ePrivacy Directive provides provisions on how entities can process personal data and requires businesses to protect the information.
Additionally, the directive outlines guidance on:
- Network and service security
- Keeping communications confidential
- Access to personal data
- Processing traffic and location data
- Spam or unsolicited communications
- Caller identification
- Public directories
- Notification of data breaches
- Electronic tags and trackers, like cookies or other technology
Data Protection Act of 2018 (UK GDPR)
Where It Applies
The UK GDPR originates in the United Kingdom and protects the rights of UK citizens, but it has an extraterritorial scope and covers entities beyond traditional territorial boundaries.
| What the UK GDPR Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must inform users about:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. | Consent Management Platform |
| Cookie Policy | Cookies and other trackers qualify as personal information under the UK GDPR. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, put a privacy clause in your EULA with a link to your privacy policy to inform consumers about your privacy practices. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the UK GDPR, which can be achieved using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | To keep users informed about your privacy practices, put a privacy clause in your terms and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
Any organization offering goods or services to UK citizens who process their personal data falls under the jurisdiction of the UK GDPR.
Effective Date
January 1, 2021
Description
The UK GDPR essentially mirrors the EU GDPR, but it accounts for domestic areas of UK law.
According to the Information Commissioner’s Office (ICO), the UK version of the regulation incorporated all provisions of the EU GDPR, so the data privacy requirements are the same.
Amended California Consumer Privacy Act (CCPA)
Where It Applies:
The CCPA protects the rights of Californian citizens in the United States but has an extraterritorial scope.
In January 2023, the California Privacy Rights Act (CPRA) officially amended portions of the CCPA. All changes are currently in force.
What It Effects:
| What the amended CCPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You’re obligated to inform consumers:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must provide consumers with a way to opt out of data collection using visible privacy settings. | Consent Management Platform |
| Cookie Policy | Cookies qualify as personal information, and consumers have the right to know which ones your site uses. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, it’s a best practice to include a California-specific privacy clause in your EULA and link to your privacy policy. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If any third-party entities process your consumers’ data, you must create specific contacts or DPAs with them that follow the guidelines outlined by this law. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to give your users a way to act on their privacy rights, like requesting to access or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | It’s a best practice to add a California-specific privacy clause in your terms and include a live link to your privacy policy | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
The CCPA as amended applies to any for-profit entity doing business in California that meets any one of the following thresholds:
- Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
- Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
- Derived 50% or more of your gross annual revenue from the selling or sharing of personal information
Effective Date
Originally enacted on January 1, 2020, the CPRA amendments went into force on January 1, 2023
Description
The amended CCPA obligates businesses to inform consumers that personal data is collected and provide a way for them to opt out of the collection using visible privacy settings.
You must also implement the following links on your website or app, which are available through our consent management tools:
- Publish a “Do Not Sell or Share My Personal Information” link
- Publish a “Limit the Use of My Sensitive Information” link
- Or honor users’ consent preference settings on their browsers
California Online Privacy Protection Act (CalOPPA)
Where It Applies
CalOPPA protects the rights of California citizens in the US but has an extraterritorial scope.
What It Effects
| What CalOPPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must inform users about:
|
Privacy Policy Generator and Privacy Policy Template |
Who It Effects
This law applies to any website with visitors from California.
Effective Date
July 1, 2004
Description
CalOPPA requires websites to post compliant privacy policies and impacts how they’re presented, phrased, and implemented. They must be easy to find, navigate through, and read.
The Virginia Consumer Data Protection Act (CDPA)
Where It Applies
The Virginia CDPA protects the rights of Virginia consumers in the US but has an extraterritorial scope.
What It Effects
| What the Virginia CDPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must provide consumers with a clear, reasonably accessible, and meaningful privacy policy and present and explain all consumer rights in a straightforward manner. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You’re obligated to provide a manner in which consumers can opt out of the selling of their data to third parties or the processing of personal data for targeted advertising. | Consent Management Platform |
| Cookie Policy | Because cookies qualify as personal information under this law, you must provide users with an accurate policy outlining all cookies and trackers your site uses. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, you should include a privacy clause in your EULA and put a live link to your privacy policy so users can access the agreement | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If any third party entities process your users’ data, you must create contacts following guidelines outlined by the CDPA, which is achievable using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR or SAR) form | You must provide users with a clear means for following through on their rights to request to access, correct, or delete their data, which is attainable with DSAR forms. | Free DSAR form for all Termly users |
Who It Effects
Persons or entities doing business in Virginia or producing products and services targeted to Virginia residents who meet one of the following thresholds fall under this law:
- Controls or processes the personal data of at least 100,000 consumers
- Derives 50% of gross revenue from the sale of personal data and controls or processes the personal data of at least 25,000 consumers
Effective Date
January 1, 2023
Description
This Virginia state law is similar to the CCPA and outlines consumer privacy rights and describes business obligations regarding data collection, processing, use, and storage.
Entities under the CDPA must also comply with requirements of proportionality and necessity and establish security safeguards to protect personal information.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Where It Applies
PIPEDA protects the rights of Canadian citizens except for those in:
- Alberta
- Columbia
- Quebec
But it does apply if the organization collecting the data performs federal work or the personal information crosses provincial borders for commercial activity.
It also does not cover citizens from:
- New Brunswick
- Newfoundland
- Labrador
- Nova Scotia
- Ontario
This is primarily regarding health data, which is protected by specific provincial health laws in those regions.
The law is ambiguous about its extraterritorial scope. Still, the Federal Court of Canada found it may apply to businesses if there’s a substantial connection between the other party and Canada.
What It Effects
| What PIPEDA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Using a privacy policy allows you to state the purpose for data collection, which is one of the fair information principles of PIPEDA. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain consent from users before any data collection, use, or disclosure of the information occurs. | Consent Management Platform |
| Cookie Policy | Cookies qualify as personal information under this law, so you must present users with a clear description of all cookies or trackers your site uses. | Cookie Policy Generator and Cookie Policy Template |
Who It Effects
Any organization that collects and uses personal information in connection with commercial activities, including selling or sharing donors, membership, or fundraising lists, falls under PIPEDA.
Effective Date
January 1, 2001
Description
While PIPEDA has a more limited scope than other data privacy legislation, businesses under this law must follow the 10 fair information principles:
- Accountability: Your business is responsible for the personal information it stores and must appoint someone to ensure your organization’s compliance.
- Identifying Purposes: You must state the purposes for data collection before or at the time of data collection.
- Consent: You must obtain implicit or explicit consent to collect, use, and share personal information, either opt-in or opt-out depending on the sensitivity of the data collected.
- Limiting Collection: You must only collect the necessary amount of information for processing purposes.
- Limiting Use, Disclosure, and Retention: You must use personal information only for stated purposes unless you get consent from users for the new purpose.
- Accuracy: Your organization must keep personal information accurate, complete, and up-to-date.
- Safeguards: You must implement security measures to protect personal data.
- Openness: Your business must be transparent about its data handling practices to the public.
- Individual Access: You must honor users’ rights in accessing, reviewing, and correcting personal information.
- Challenging Compliance: Individuals have the right to challenge an organization’s compliance with the principles and should address inquiries to the person responsible for the organization’s compliance, typically the chief privacy officer.
FTC’s Guidelines for Ecommerce Businesses
Where It Applies
The FTC is an independent entity that enforces consumer protection and antitrust laws in the United States.
In terms of consumer privacy, the FTC’s scope includes regulating and enforcing compliance with privacy laws and guidelines, investigating and prosecuting companies that engage in unfair or deceptive practices related to data collection, use, and sharing, and providing guidance and education to consumers and businesses about privacy best practices.
What It Effects
| What the FTC Effects | Requirements | Termly’s Solutions |
| Privacy Policy | The FTC recommends that ecommerce businesses use privacy policies. If your business targets children, you must use one under COPPA, an FTC-enforced law. | Privacy Policy Generator and Privacy Policy Template |
| End-user License Agreements (EULA) | If you sell software, you may need to include certain disclaimers and clauses due to applicable laws you fall under that the FTC enforces. | EULA Generatorand EULA Template |
| Terms and Conditions Agreement | You may need to include certain disclaimers and clauses in your terms due to applicable laws you fall under that may be enforced by the FTC. | Terms and Conditions Generator and Terms and Conditions Template |
| Disclaimers | Depending on applicable laws, the FTC may require ecommerce businesses to use DMCA, copyright, fair use, warranty, or affiliate disclaimers, which often go in your terms and conditions. | Disclaimer Generator and Disclaimers Template |
Who It Effects
The laws the FTC enforces typically impact businesses from around the globe that target US consumers.
Effective Date
The FTC was formed in 1916
Description
The FTC publishes guidelines for businesses in the US to maintain and enforce fair competition and practices, some of which impact your website policies.
For example, the following laws impact clauses, disclosures, or disclaimers that typically belong in a terms and conditions agreement or EULA:
- The Federal Trade Commission Act
- The Copyright Act of 1976 (Title 17)
- Children’s Online Privacy Protection Act (COPPA)
- Digital Millennium Copyright Act (DMCA)
Consent Management
Some laws and regulations impact consent management on your site or app and may require you to provide the following options for your consumers, depending on their rights:
- Opt-in consent for certain types of personal data collection, processing, and uses
- Opt-out consent for certain types of personal data collection, processing, and uses
Our Consent Management Platform is configurable to comply with the opt-in and opt-out consent requirements in nearly 80 different regions. Let’s discuss how in the next sections.
How To Configure Our CMP for Opt-In Consent Requirements
Opt-in consent is when a user actively and knowingly agrees to have their data collected or used in specific ways before it happens.
To configure our CMP tools for regions that require opt-in consent for data collection, ensure you do all of the following steps:
- Have the consent banner enabled
- Turn the Decline button on
- Turn the ‘Preference’ button on
- Select ‘Opt-in’
- Turn off the ‘Implied Consent’ option
See a screenshot of these settings below.
You must offer an opt-in consent option if your users come from any of the following regions:
- United States, Virginia — Consumer Data Protection Act (CDPA)
- European Union (EU) — General Data Protection Regulation (GDPR)
- Argentina — Personal Data Protection Act (PDPA)
- Brazil — General Data Protection Law (LGPD)
- Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)
- Chile — the Protection of Private Life (as amended)
- China — Personal Information Protection Law (PIPL)
- Colombia — the Data Protection Law (Law 1581)
- Czech Republic — Amending Certain Acts in Connection with the Adoption of the Act on the Processing of Personal Data (the Amending Act)
- Japan — Act on the Protection of Personal Information (APPI)
- Kazakhstan — Law of the Republic of Kazakhstan on Personal Data and Its Protection (the Personal Data Law)
- Malaysia — Personal Data Protection Act 2010 (PDPA)
- Mexico — the General Law on Protection of Personal Data Held by Mandated Parties (the Public Sector Law)
- Morocco — the Protection of Individuals with Regard to the Processing of Personal Data (the Law)
- Nigeria — Nigerian Data Protection Regulation (NDPR)
- Philippines — Data Privacy Act of 2012 (DPA)
- Singapore — Personal Data Protection Act (PDPA)
- South Africa — Protection of Personal Information Act (POPIA)
- South Korea — Personal Information Protection Act (PIPA)
- Taiwan — Personal Data Protection Act (PDPA)
- Turkey — Law on Protection of Personal Data No. 6698 (the Data Protection Law)
- United Kingdom (UK) — the Data Protection Act (UK GDPR)
How to Configure Our CMP for Opt-Out Consent Requirements
Legally, when opt-out consent is required, you can set cookies and collect personal information but must provide your users with an easy and obvious way to opt-out.
To configure our CMP tools for opt-out consent requirements, follow these steps:
- Decide if you want to enable the consent banner or not
- If you choose to enable the consent banner, turn the ‘Decline’ button on
- Select ‘opt out’
- Determine if you want to turn on ‘scroll to consent’ or not
- Ensure the consent preference center is easy to find on your website so that users can act on their rights
Below, see a screenshot of these opt-out settings.
If your users live in any of the following regions, you must offer them an opt-out consent option:
- Australia — the Privacy Act of 1988 (The Privacy Act)
- Hong Kong — Personal Data Privacy Ordinance (PDPO)
- India — The IT Act and SPDI Rules (Learn more here)
- New Zealand — Privacy Act 2020 (the 2020 Privacy Act)
- Switzerland — Federal Act on Data Protection (FADP)
- United States, California — amended California Consumer Privacy Act (CCPA)
How Do We Stay Up To Date With New Laws?
Our dedicated legal team stays up to date with new and changing laws by:
- Monitoring and tracking bills, acts, and existing pieces of legislation
- Researching upcoming laws and staying on top of privacy-related news
- Training our entire team about privacy best practices, both internally and externally
- Collaboratively working together — our legal team and data privacy experts work with our product engineers and help maintain all of our tools and services
For example, right now, we’re currently preparing for the:
- Impending 2024 cookiepocalypse
- Connecticut Personal Data Privacy and Online Monitoring Act (CTPDA) — in force July 1, 2023
- Colorado Privacy Act (CPA) — in force July 1, 2023
- Utah’s Consumer Privacy Act (UCPA) — in force December 31, 2023
Plus, we’re monitoring the:
- Michigan Personal Data Privacy Act (PDPA)
- European Union’s Artificial Intelligence Act (EU AI Act)
- American Data Privacy and Protection Act (ADPPA)
How Often Do We Update Our Services?
We monitor our tools and services constantly — that’s simply part of our role as privacy compliance partners trusted by thousands of businesses — but we try to deliver updates at least quarterly.
Plus, we make changes to our tools whenever data privacy laws evolve that impact the website policies and agreements we provide.
We email our Termly customers about the changes and service updates as soon as possible. Sometimes we publish a press release-style article about it, too — like this one about our Privacy Policy Generator.
We believe everyone has a right to know how their data gets tracked and used online. Any business that wants to increase its privacy compliance should be able to do so easily and affordably.
So all our tools and resources are built, monitored, and maintained with those goals in mind.
Summary
We built our generators, templates, CMP tools, and compliance solutions to help businesses easily comply with data privacy laws from around the globe.
By working with our legal team and data privacy experts, we can offer you easily adaptable tools that meet the legal requirements outlined by regulations like the GDPR, the amended CCPA, and so much more.
We promise to keep looking forward and continuously update our tools and offerings as new laws come into force, so you can focus on what matters most — your business.
More about the author
Written by Etienne Cussol CIPP/E, CIPM
Etienne is an Information Privacy professional and compliance analyst for Termly. He has been with us since 2021, managing our own compliance with data protection laws and participating in our marketing researches. His fields of expertise - and interest - include data protection (GDPR, ePrivacy Directive, CCPA), tracking technologies (third-party... More about the author
