How to fix: Privacy policy linked

GDPR Art. 13 + Art. 14

Why this matters

GDPR Article 13 requires that visitors are told what personal data you collect, why, and what their rights are. A linked privacy policy is the minimum mechanism. Without one, you're collecting data without consent or notice.

Background

A privacy policy is required content under GDPR Art. 13/14 — not optional, not boilerplate. It must say who the controller is, what data is collected, the lawful basis, retention periods, third-party recipients, and how to exercise data subject rights. A missing or stub policy is a regulatory exposure that's checked by every data-protection authority.

References

GDPR Art. 13 + Art. 14 (transparent information requirements)

How to fix

Code snippet for each stack we cover. Pick the one matching your server / framework.

nginx: Not an nginx concern — content responsibility.
apache: Same.
cloudflare: Same.
wordpress: Use the built-in 'Privacy → Settings' draft as a starting point, then have a lawyer review. Generic policy generators are NOT compliant.
flask: Publish at /privacy-policy. Include controller identity, purposes, lawful basis, retention, rights, DPO contact.
express: Same — serve from /privacy-policy. Avoid template generators without review.
rails: Same — public/privacy-policy or a controller-rendered page.

Verify it's working

Manual: open /privacy-policy. It should name the controller (your company), list cookies + categories of data, name the lawful basis for each, and have a date 'last updated'.
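The manual check above can be backed by a small automated one. This is an added example, not code from the original guide: it confirms that a page links to a privacy policy and flags which of the items from the manual check have no match in the policy text. The keyword patterns and the sample HTML are assumptions made for illustration; a match is not evidence of compliance, only a missing match is a signal.

```python
from html.parser import HTMLParser
import re

# Heuristic patterns (assumptions of this example), one per item in the manual check.
REQUIRED = {
    "controller": r"\bcontroller\b",
    "cookies": r"\bcookies?\b",
    "lawful basis": r"\b(lawful|legal)\s+basis\b",
    "last updated": r"\blast\s+updated\b",
}

class _Page(HTMLParser):
    """Collects [href, anchor text] pairs and every text node of a document."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._in_a = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False
    def handle_data(self, data):
        self.text.append(data)
        if self._in_a:
            self.links[-1][1] += data

def _parse(html):
    page = _Page()
    page.feed(html)
    return page

def find_policy_link(home_html):
    """Return the href of the first link whose target or label mentions privacy, else None."""
    for href, label in _parse(home_html).links:
        if re.search(r"privacy", href + " " + label, re.I):
            return href
    return None

def missing_items(policy_html):
    """Return the names of required items with no match in the policy text."""
    text = " ".join(_parse(policy_html).text)
    return [name for name, pat in REQUIRED.items() if not re.search(pat, text, re.I)]

# Constructed sample input: a footer that links the policy, and a stub policy.
HOME_OK = '<footer><a href="/privacy-policy">Privacy policy</a></footer>'
POLICY_STUB = "<h1>Privacy policy</h1><p>We respect your privacy.</p>"

if __name__ == "__main__":
    print(find_policy_link(HOME_OK), missing_items(POLICY_STUB))
```

In a deployment check, feed it the fetched home page and the page behind the returned link, and fail the build when the link is missing or the list is non-empty.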
