Feb 21, 2025

Privacy Policy, Cookie Consent Banner, and CCPA “Do Not Sell” Page – What Your Website Needs for Data Privacy Compliance

GDPR and CCPA have both made data privacy compliance a must-have for websites, which entails privacy policies, ‘Do Not Sell’ pages, and cookie consent banners.

Data privacy regulations are more than just legal requirements—they’re a fundamental part of building trust with your customers. Whether you run an eCommerce store, a service-based business, or a content platform, you likely collect and/or share user data. But are you handling that data in a way that meets data privacy compliance standards?

Laws like the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) require businesses to disclose how they collect and process user data. Ignoring these laws can lead to hefty fines, legal trouble, and a loss of customer trust.

Fortunately, implementing data privacy features on your website doesn’t have to be complicated. In this guide, we’ll break down the three key pieces of a website’s privacy disclosures:

  • Privacy Policies – Why you need one and what it must contain.
  • CCPA ‘Do Not Sell My Info’ Page – Required for businesses collecting California consumer data.
  • GDPR-Compliant Cookie Consent – Required for websites serving customers in the EU or getting significant traffic from European users, this cookie consent banner ensures your website respects user choices for cookie tracking.

We’ll also provide examples of these three types of disclosures and show you how to set them up on Webflow and Shopify.

If you want to ensure your website is compliant but don’t know where to start, then we’d be happy to set up the necessary data privacy disclosures for you. Feel free to schedule a meeting with us here to get the help you need.

1. Privacy Policy: The Foundation of Compliance

Every website that collects any customer data (names, emails, payment details, IP addresses, etc.) needs a Privacy Policy. This isn’t just a best practice; it’s a legal requirement under multiple privacy laws, including CCPA (for California users), GDPR (for users in the European Union), and other U.S. state laws such as Virginia’s CDPA and Colorado’s CPA. eCommerce platform terms of service also call for one: Shopify, Webflow, and other major platforms require privacy policies.

Even if your business isn’t based in California or the EU, you are still required to comply if you serve customers in these regions.

What’s Included in a Privacy Policy?

A Privacy Policy is a publicly accessible document that explains:

  • What data you collect (e.g., names, emails, IP addresses, cookies)
  • How you collect data (e.g., contact forms, checkout pages, tracking scripts)
  • Why you collect it (e.g., marketing, order fulfillment, analytics)
  • Who you share it with (e.g., third-party apps, payment processors)
  • How users can control their data (e.g., request deletion, update preferences)

Companies like Apple, Shopify, and Google are all great examples of how to make your privacy policy easy to read, navigate, and understand. Of course, privacy policies don’t need to be elaborate or well-designed. They can be just a page with words on it. 

How to Implement a Privacy Policy

On Webflow:

  1. Create a static page for your privacy policy.
  2. Use a privacy policy generator or draft a custom policy tailored to your business.
  3. Add the page to your website footer and key areas like checkout and account creation.

On Shopify:

  1. Use Shopify’s built-in privacy policy generator found in Settings > Customer Privacy > Privacy Policy.
  2. Customize the policy to match your business practices.
  3. Add the page link to your footer, checkout pages, and customer account area.

PLEASE NOTE: We recommend having a lawyer review any legal documents or content that you use for the Privacy Policy to ensure it addresses the specific functions of your website.

2. CCPA ‘Do Not Sell My Info’ Page

The state of California is pioneering data privacy laws in the United States under the California Consumer Privacy Act (CCPA), which gives California citizens the right to know, the right to delete, the right to opt out of, the right to correct, and the right to limit the personal information collected on them by businesses. While the act is generally focused on limiting the otherwise uninhibited data brokers, it can encompass any business that serves California residents.

If your website collects, shares, or sells personal information from California residents, you must include a Do Not Sell My Info page. The CCPA applies to for-profit businesses that do business in California and meet any of the following:

  • Have a gross annual revenue of over $25 million;
  • Buy, sell, or share the personal information of 100,000 or more California residents or households; or
  • Derive 50% or more of their annual revenue from selling California residents’ personal information.

Even if you don’t sell data, you may still need this page if you use ad tracking services like Google Ads or Meta Pixel.

What’s On A CCPA ‘Do Not Sell My Info’ Page?

A good ‘Do Not Sell My Info’ page should first and foremost clearly explain the consumer’s rights on your platform – all of the rights mentioned in the CCPA. Second, the page should include links to the full privacy policy. Lastly, the page should include a form that gives users the ability to opt out of the collection and sale of their personal data.

If you’re looking for examples, we’ve successfully implemented CCPA compliant pages for our clients Fat Shack and Intrepid Benefits.

How to Implement a CCPA Page

On Webflow:

  1. Create a new page titled “Do Not Sell” or “Do Not Sell My Personal Information.”
  2. Include the disclosure information outlined by the CCPA here.
  3. Include an opt-out form or contact method for users to request removal.
  4. Link this page in your footer and privacy policy.

On Shopify:

  1. Use Shopify’s out-of-the-box CCPA compliance page found in Settings > Customer Privacy > Data sales opt-out page.
  2. Or, create a custom page, include the disclosure information outlined by the CCPA here, and add an opt-out form.
  3. In both cases, ensure links are easily accessible in the footer and checkout areas.

3. GDPR-Compliant Cookie Consent Banner

If your website receives traffic from Europe, GDPR requires you to obtain explicit user consent before storing cookies or tracking users. This means if you use Google Analytics, the Meta Pixel, or other ad trackers on your website, and have even a single person from Europe using your website, then you need to offer cookie consent.

Of course, it’s unlikely that a website that gets a few hundred European visitors every month will face litigation over GDPR non-compliance. But it’s better to be safe than sorry. Not to mention, cookie consent banners are fairly easy to implement.

What Is A Cookie Consent Banner?

You’ve likely already experienced cookie consent banners in droves. It’s that popup that asks you to accept, decline, or customize preferences regarding the site storing cookies on your device. They’re usually quite large and hard to miss. A cookie consent banner needs to give users the ability to decline data tracking, in addition to informing them of what data is collected and how it is used.

At the bottom of the VTRVR website, you’ll see how we implemented this cookie consent pop-up for them. If you go to most major websites (e.g., BBC, HubSpot, ESPN), you’ll likely come across one of these banners too.

How to Implement A Cookie Consent Banner

On Webflow:

  1. Choose a third-party tool that offers cookie consent forms.
  2. Embed the script in Webflow’s custom code section.
  3. Ensure users can opt in/out before tracking starts.

On Shopify:

  1. Enable Shopify’s built-in cookie consent tool found in Settings > Customer Privacy > Cookie Banner.
  2. Customize the banner text to explain your cookie usage.
  3. Ensure compliance for EU visitors.

What’s The Worst That Could Happen?

The laggards will find themselves in lawsuits and/or receive hefty fines. It’s inevitable. Failing to comply with data privacy laws isn’t just a technical oversight—it’s a liability that can cost you heavily in lawsuits, fines, and customer trust.

Governments are being pressured to crack down on consumer privacy and you don’t want to be caught in the crosshairs. Recently, we’ve seen countless companies face litigation over website accessibility standards. The same holds true for data privacy.

The good news? These are simple fixes that can be implemented quickly.

If you want help implementing these privacy protections, we’re happy to help! Please feel free to schedule time with us here to go over your website’s data privacy compliance.