GDPR Compliance

How to write and add a privacy policy to your WordPress website (in 6 steps)

From contact forms to analytics, advertisements, and social media integration, your typical website gathers a ton of information. Disclosing all of your data collection isn’t always straightforward, but it is a legal requirement.

That’s why we’ve created this complete guide to writing a privacy policy for your WordPress website. By adding this important document to your site, you can build trust with your audience and avoid potential fines — and even jail time. 

In this post, we’ll look at what a privacy policy is and why every WordPress website needs one. We’ll then show you how to author this important legal document and publish it on your site. Let’s get started! 

An introduction to privacy policies (and how your site can benefit from one)

Most website owners collect a lot of information about their audience. It may include data that people explicitly choose to share with your site, such as the information they enter into a form:

[Image: FreshySites contact form]

It may also include data you gather using tracking tools. For example, you might use Google Analytics or advertising programs such as Google AdSense.

You’re legally required to provide a privacy policy in many countries if your site collects personal information. This is a statement that discloses how you plan to obtain, use, disclose, and store visitor data. 

Privacy policies are all over the web. If you visit any site, then chances are you’ll find a link to a privacy policy in either the main navigation menu or the footer:

[Image: WordPress privacy policy]

Internet users are increasingly concerned about their personal data. Providing a helpful, informative privacy policy can empower your visitors to make more informed decisions about the data they decide to share. You can also present your website as upfront and honest, which is vital for building trust and generating conversions. 

Furthermore, you need to add a privacy policy page to comply with the General Data Protection Regulation (GDPR):

[Image: GDPR data regulation]

Even if you’re not located in the European Union (EU), the internet is international. As such, there’s a very high chance that EU users will visit your site at some point.

If you fail to comply with the GDPR, you could be fined up to €20 million, or 4 percent of your organization’s annual global turnover. In severe cases, the violation may even result in a prison sentence. 

With the stakes high, creating a GDPR-compliant website is essential. Therefore, you’ll need to write a privacy policy. 

6 steps to creating a privacy policy for your WordPress site

On paper, creating a privacy policy may sound straightforward. However, consider all of the forms, tracking tools, plugins, and advertisements that make up a typical website. With all of these elements, writing your privacy policy suddenly becomes far more daunting.

Let’s take the stress out of creating this important legal document. Here’s how to add a privacy policy to your WordPress website in six easy steps. 

Step 1: Identify all the data you collect 

Your typical site collects a wide range of data in different ways. When writing your privacy policy, you mustn’t leave anything out. 

Before you dive in, we recommend carefully considering what you need to include in your policy. Doing this can help ensure that nothing gets overlooked and potentially lands you in legal hot water.

During this planning phase, it’s wise to take stock of the data you collect and consider whether it’s absolutely necessary. Having access to lots of information about your target audience can supercharge your advertising and marketing campaigns.

However, laws such as the GDPR mean there’s a significant overhead associated with acquiring and storing data. For example, you’ll need to record consent for every piece of personal information that you collect. 

It’s easy to fall into the habit of asking for data just because you can. However, it isn’t always necessary. For example, if you operate an online mailing list, you don’t necessarily need to know a subscriber’s postal address. 

If you request this information as part of the signup process, you’re potentially creating more work for minimal reward. By rethinking your approach, you can immediately reduce your workload while making it easier to write your privacy policy.

Step 2: Describe how you collect and use data 

In your privacy policy, you’ll disclose all of the personal data that you gather and how it’s collected. You can write this content as a single section or break it into multiple clauses. Since this disclosure forms the bulk of your privacy policy, you may want to consider formatting it as a list rather than a solid block of text. 

Some data collection will be pretty straightforward and obvious, such as user-submitted forms. However, other points may be more subtle. 

To avoid missing out on hidden collection points, we recommend checking out some third-party policies. Social media privacy disclosures are excellent examples, as these sites tend to record a lot of information. 

Simply reading through policies from companies such as LinkedIn and social network giant Facebook may help you identify hidden collection points on your own website: 

[Image: Facebook privacy policy]

After identifying all of the information you gather, it’s wise to explain why it’s required. By justifying your data collection, you can build trust with your visitors. It can also be helpful to evaluate whether you’re still saving any unnecessary data. 

Wherever possible, try to write the data disclosure section to emphasize how your collection benefits the visitor. For example, you might stress that tracking tools help you provide a more personalized experience. 

You should also disclose any information that you plan to share with third parties. Don’t forget to detail the circumstances under which you’ll allow this third-party access.

Step 3: Add a data protection policy 

Your typical internet user is extremely worried about their information falling into the wrong hands. If a malicious third party managed to access this personal data, they could wreak havoc. 

For example, the attacker might hack into their accounts, purchase products using stolen credit card details, or perform other fraudulent activities.

For this reason, it’s vital that you add a section confirming how you protect visitor information. However, you don’t necessarily need to detail the specific methods you use to keep your content safe. 

For example, some companies keep their data protection clause reasonably short:

[Image: Data protection policy]

However, going into some detail may help put your audience at ease. If you decide to write a longer data protection clause, we recommend you avoid being too specific. The less a potential hacker knows about your security procedures, the better. 

You should also bear in mind that not every internet user has the same level of technical knowledge. Providing a detailed run-through of your encryption methods may confuse some of your less tech-savvy customers. Alternatively, you can simply state that you use an encryption method without more detail about specific security provisions.

Step 4: Ensure visitors know their rights 

If your policy needs to be GDPR-compliant, you must include a section that covers user rights. The GDPR grants EU subjects the right to access, rectify, and delete their data. In your privacy policy, you should make it clear that you uphold all of those rights.

Even if you’re not explicitly targeting GDPR-compliance, it’s still a good idea to clarify what rights visitors have over their data. 

For example, if you’re happy to provide a copy of a person’s personally identifiable information on request, you should state this in your privacy policy. As always, being upfront and transparent can improve your public perception. In turn, it can help build trust with your audience. 

However, it’s not enough to simply state the visitors’ rights. The most effective privacy policies detail how people can exercise these rights. For example, you might link to the page where users can request copies of their data.

Step 5: Consider accessibility 

Most people who visit your site won’t have in-depth, specialist knowledge about data collection and protection laws. For this reason, you should avoid using complex language.

Even if you publish your policy in multiple languages, some of your visitors may not access it in their native tongue. A second language, combined with technical legalese, may make your disclosure extremely difficult to understand.

Your typical internet user also has a short attention span. Although the concept is hotly debated, TIME magazine famously published an article implying that humans now have attention spans of just eight seconds:

[Image: TIME attention span]

Your privacy policy is unlikely to be a thrilling read. However, clear and straightforward language is vital. It can increase the chances of visitors acquiring the information they need, even if they don’t read your entire disclosure.

Moreover, accessibility is about more than the kind of language you use. Even when dealing with large amounts of text, formatting can make your privacy policy more accessible:

[Image: Privacy policy accessible]

It’s important to use a straightforward and navigable format. Text-heavy pages are rarely appealing, so use paragraphs, bullet points, and multiple subheadings to divide your policy into more palatable, bite-sized chunks. 

Step 6: Add the privacy policy to your WordPress website 

Once you’ve written your policy, it’s time to add it to your website. The good news is that WordPress provides a privacy policy template. You can easily customize it with your own content or even replace it with an entirely new page. 

To access this default policy, navigate to Settings > Privacy. You can then view the automatically-generated page by selecting Use This Page.

[Image: Privacy policy WordPress page]

Now, click on Edit. Doing this opens the default privacy policy in the WordPress editor. You can now add your content:

[Image: WordPress default privacy policy]

When you’re happy with the information you’ve entered, simply click on Publish. This button posts your page with the default URL of /privacy-policy appended to your site’s domain:

[Image: Privacy policy published]

Your privacy policy is an integral part of your site. For this reason, you’ll want to ensure it’s easy to access. Many websites include privacy policy links in their footer. Alternatively, you can feature your disclosure prominently in your main navigation menu.
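The same setup can be done in code rather than through Settings > Privacy, which is useful when you manage several WordPress sites. The following small plugin is an added example written for this guide, not code from WordPress or from FreshySites; the plugin name, function names, page title and slug are assumptions, and it uses only standard WordPress functions (`wp_page_for_privacy_policy` option, `wp_insert_post()`, `the_privacy_policy_link()`).

```php
<?php
/**
 * Plugin Name: Example Privacy Policy Setup
 *
 * Added example (not part of the original post): creates a privacy policy page
 * if the site has none, registers it as the site's policy page (the same setting
 * shown under Settings > Privacy), and prints the link in the footer.
 */

// Runs once on activation; assumes this file is the plugin's main file.
register_activation_hook( __FILE__, 'example_ensure_privacy_policy_page' );

function example_ensure_privacy_policy_page() {
    // WordPress stores the chosen policy page ID in this option.
    $page_id = (int) get_option( 'wp_page_for_privacy_policy' );
    if ( $page_id && get_post_status( $page_id ) ) {
        return; // A policy page is already configured; never overwrite it.
    }

    // Create a draft so the site owner reviews the text before it goes live
    // at /privacy-policy (the slug below is an assumed default).
    $page_id = wp_insert_post( array(
        'post_type'    => 'page',
        'post_status'  => 'draft',
        'post_title'   => 'Privacy Policy',
        'post_name'    => 'privacy-policy',
        'post_content' => '<!-- Replace with the disclosure written in steps 1 to 5. -->',
    ) );

    // wp_insert_post() returns 0 or WP_Error on failure; only store a real ID.
    if ( is_int( $page_id ) && $page_id > 0 ) {
        update_option( 'wp_page_for_privacy_policy', $page_id );
    }
}

// Print the link in the theme footer. the_privacy_policy_link() outputs nothing
// until the page is published, so the draft never produces a broken link.
add_action( 'wp_footer', 'example_privacy_policy_footer_link' );

function example_privacy_policy_footer_link() {
    the_privacy_policy_link( '<p class="privacy-link">', '</p>' );
}
```

Drop the file into wp-content/plugins/ and activate it; the draft then appears under Pages and is already selected on the Settings > Privacy screen.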

Conclusion 

If you run a WordPress website, a privacy policy is a must-have. Without this vital document, you may quickly find yourself in legal hot water.

When writing your privacy policy, it’s important to detail all the data you collect and how you plan to use it. For example, you’ll need to disclose whether you share the information with any third parties. Furthermore, you’ll want your disclosure to be as accessible and easy to read as possible. 
Authoring a legally-binding privacy policy can be a daunting task, especially when you also have to consider the GDPR. At FreshySites, we can take the stress out of achieving GDPR-compliance. Our team of experienced web designers and developers can help you craft an air-tight privacy policy for your WordPress website!
