Website Privacy Policies

You need to know both GDPR and CCPA. But honestly, if all you're doing is having them on a mail list, it just means that you need to take them off the mailing list and/or delete their data if they ask for it. But you should be doing that no matter who the person is or where they live.

Both of these laws are based on collecting, sharing and selling/handing out data on users. This normally happens with stuff like tracking pixels and an networks, such as Doubleclick or "hey you know that shirt you looked at the other day? well here's an ad for it on facebook, you should buy that shirt." If you are not putting display ads on your site, you do not need to worry about this. If you are putting affiliate links on your site (such as you get an extra kickback if they click a special link and then buy something on, say, Amazon) then you (ethically) need to say that it is an affiliate link and you might get $$$ from it and should put something about it in your site's TOS/privacy policy (your affiliate network should have some boilerplate for it, talk to your account manager about it).

I think you're worrying yourself over nothing here. My day job is for a retail website and we have hundreds of thousands of users/week and I don't recall a GDPR thing ever coming up. And we DO collect names, addresses etc to mail your purchases to you. GDPR has never been an issue for us. I've only seen it be problems for things like news/tabloid websites which have a TON of ad networks/types of ad tracking in order to keep the lights on, and many of them just...banned any EU users from visiting their site instead of taking those down. We've had a few CCPA requests and someone just has to delete the person's profile (or as much as they can, we can't delete your address if we haven't shipped your purchase to you, the law has exceptions for stuff like that). If all you're collecting is an email address (and maybe a name) then whatever email campaign program you're using has an "unsubscribe"/GDPR/CCPA button. You only need to really think about this if you've built everything from scratch, which why would you do that.

 

Yeah, they'd have that. And if you're using Wordpress or Squarespace or whatever they probably have some, too.

 

I just use the default Wordpress page as a privacy policy page. It has some blanks you need to fill, but other than that it's pretty straightforward.

As @chasejxyx mentions, it's not that big of a deal. I doubt you'll get any complaints, and if you do, then all you need to do is remove the information you have on that user. One you should do is have an unsubscribe link in your newsletter. But Mailerlite will probably take care of that for you automatically. And it's a good idea to have one anyway, regardless of GDPR, since otherwise email providers are more likely to label you as spam. I think the other thing for newsletters is the double opt-in (where you get an email where you need to click on something to confirm your registration). Though again, that's probably something Mailerlite handles for you.

It should be noted that GDPR is mainly aimed at companies. As an individual, there's very little that actually aplies to you. I wouldn't worry about it, unless you're planning to do some massive data-scraping of the visitors of your site.