Documentation index

Getting started ›

Getting Started Guide

If you’re not a legal professional, getting your website or app to be compliant with international privacy laws can be tedious and difficult. iubenda provides several comprehensive and customizable solutions that you can seamlessly integrate into your website or app.

What you need to know

Legal Requirements

Under the vast majority of legislations, it is required to disclose data collection and to implement a method of receiving consent or facilitating its withdrawal. Failure to adhere to these laws can result in hefty fines, leave you open to litigation and negatively affect the credibility of your website or app.

By law:

  • Users need to be informed about website/app owner details, what data is being collected, their rights in regards to that data, your notification process for policy changes, the effective date of the policy and third-party access to their data (for example, third-party widgets, social buttons, ad service integrations etc). They also need to be informed about your general conditions (including sales conditions).
  • Users need to be able to give, decline or withdraw consent (depending on the regional law). In the US, the law generally requires that you give users a clear option for withdrawing consent (opt-out). Different rules apply, however, in cases involving “sensitive data” (e.g. health information, credit reports, student data, personal information of children under 13). In such cases, there must be a verifiable opt-in action such as checking a box or some other affirmative action. Compared to the US regulations, EU law (in particular the GDPR) is more stringent when it comes to consent. Consent under the GDPR, must be “explicit and freely given”. This means that the mechanism for acquiring consent must be unambiguous and involve a clear “opt-in” action (the regulation specifically forbids pre-ticked boxes and similar “opt-out” mechanisms). The regulation also gives a specific right to withdraw consent; it must be as easy to withdraw consent as it is to give it. Because consent under the GDPR is such an important issue, it’s vital that you keep clear records related to the consent attained.
  • Users need to be informed about cookie use and given the option to consent or decline. Also related to consent, the ePrivacy Directive or the Cookie Law requires users’ informed consent before storing cookies on a user’s device and tracking them.

It’s useful to remember that under GDPR regulations consent is not the ONLY reason that an organization can process user data; it is only one of the “Lawful Bases”, therefore companies can apply other lawful (within the scope of GDPR) bases for data processing activity. However, there will always be data processing activities where consent is the only or best option.

Generally, these laws apply to any service targeting residents of the region, which effectively means that it’ll most likely apply to your business whether the organization or web servers are located in the region or not. See more information on Legal Requirementshere.

Third-party Requirements

Since most third-party apps and services also need to follow the law, they may require that websites & apps meet regulatory standards.

One example is Google. In order to access certain services and tools (for example, AdSense, Google Analytics, Google Play store), Google requires that you have a comprehensive and up-to-date privacy policy in place. Here’s an excerpt from the Google Analytics terms of use:

“You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect traffic data, and You must not circumvent any privacy features (e.g, an opt-out) that are part of the Service.”

From time to time third party requirements can change in response to internal or regional regulations. It’s often necessary that your policies meet the latest requirements in order to avoid interruption of service. For this reason, we use embedding and NOT copy & paste. With this method, you can rest assured that your policy is up to date and being maintained remotely by our legal team.

You can read more about Google’s requirements here and here.
You can read more about Apple’s requirements here and here.

How iubenda can help

iubenda’s approach to compliance

Here at iubenda, we believe in the importance of a comprehensive approach to data law compliance. We keep track of the major legislations and build solutions with the strictest regulations in mind, giving you full options to customize as needed. This way, you can ensure that you meet your legal obligations (regardless of where your customers are located), reduce your risk of litigation and protect your customers —building trust and credibility.
Read more about our features.

Here’s what you need to get started with full compliance:

Informing users about personal data with a privacy policy
As mentioned above, users must be informed about how you use their personal data. As such, privacy policies are legally required almost everywhere in the world. This legal document should state the ways in which your website or app collects, processes, stores, shares and protects user data, the purposes for doing so and the rights of the users in that regard.

Our Privacy Policy Generator is affordable, available in several languages, lawyer crafted, customizable and self-updating (as it’s monitored remotely by our lawyers). It easily allows you to create a beautiful, precise privacy policy and seamlessly integrate it with your website or app. You can simply add any of several pre-created clauses at the click of a button or easily write your own custom clauses. The privacy policy also comes with the option to include a cookie policy (it’s necessary to include it if your website or app is using cookies). The policies are customized to your needs and remotely maintained by a legal team.

For more information on privacy policies click here.

Complying with the EU Cookie Law
Because using cookies means both processing user data and installing files used for tracking, it is a major point of concern when it comes to user data privacy rights. For this reason, if you operate in the EU or could potentially have EU users, you need to comply with the Cookie Law. There are two partsto this:

  • Cookie policy, which you can find included as an option in the privacy policy generator mentioned above.
  • Cookie banner which you can get with the iubenda Cookie solution.

Our Cookie solution complies with provisions of the European cookie law-banner management. It allows you to easily inform users and obtain their consent while including the option to block any scripts that install cookies without prior consent (which is required in many EU countries). It’s easy to run, fast and does not require heavy investments.

For more information on our cookie solution click here.


Start Generating


What to read next:

Still have questions? Shoot us a message or attend one of our free webinars here.

Still have questions?

Visit our support forum Email us