Last modified: March 19, 2025 at 8:05pm

Drupal CMS provides a stub privacy policy page and a preconfigured footer link to simplify sharing your organization’s privacy policy with site visitors. Various texts in the Drupal CMS consent manager link to this privacy policy, so it’s important to update and publish it to avoid broken links.

In this tutorial, we’ll walk through how to edit the default privacy policy page to include your organization’s privacy policy and publish it. Since the privacy policy is linked to via other privacy and data-protection-related features in Drupal CMS, we suggest you prioritize this task to avoid broken links.

What is a privacy policy?

privacy policy (Wikipedia) is a legal document that explains how your website collects, uses, stores, and protects user data.

Depending on where your organization does business, local laws may require that you publish a privacy policy.

Even if not legally required, a privacy policy helps build trust by outlining data collection practices, usage, sharing, and user rights. Regulations such as GDPR and CCPA offer guidance for creating policies that respect user privacy.

In Drupal CMS, the consent manager links to the privacy policy, so it’s important to update and publish it to avoid broken links.
 

What should I include in my privacy policy?

A privacy policy helps users understand how their data is collected, used, and protected on your website. When creating or updating your privacy policy in Drupal CMS, consider including the following:

  • Clearly define what types of data your site collects, such as:
    • Personally Identifiable Information (PII)
      • Examples: Names, email addresses, location data
    • Non-personal data
      • Examples: Browser type, IP address
  • Explain why this data is collected, such as improving user experience, processing transactions, or meeting legal requirements.
  • Describe how collected data is processed, including analytics, marketing, and third-party integrations.
  • If your site shares user data with external services (e.g., analytics providers, payment processors), specify who has access and why.
  • Outline the security practices in place to safeguard user data from unauthorized access or breaches.
  • Provide information on how users can access, modify, or request the deletion of their data.
  • If your site uses cookies or tracking scripts, explain their purpose and how users can manage their consent.
  • Include details on how users will be notified of updates to the privacy policy and where they can review the latest version.

And while this is a good framework to start, remember this is a legal document and it is a good idea to consult your lawyer or other legal advisors about its content.

Add a privacy policy

When Drupal CMS is first installed, a stub privacy policy page is created and a link to it is added to the site's footer. Before making your site public, you should update this page with your organization’s privacy policy and publish it.

  1. Update the stub privacy policy. Using the administrative sidebar, go to Content (admin/content), find the existing privacy policy, and press Edit under Operations.
  2. Populate the Description and Content fields.
    • The Description is displayed in search results and teasers. Something like “This Privacy Policy describes {ORGANIZATIONS}’s policies and procedures regarding the collection, use and disclosure of information which you provide when you use {DOMAIN}.” should be sufficient.
    • The Content field should contain your organization’s detailed privacy policy.
  3. Change the page status to Published.
  4. Press the Save button to save your changes and publish the updated page.

Check for the new link in your site’s footer by visiting any page of your site as an anonymous user. Prior to publishing the privacy policy, only you as administrator can see the link. But once the page is published, it’ll show up for everyone. 🎉

What’s next?

Keep a history of changes to your privacy policy, and make sure to notify people about these changes.

Learn more about the Drupal CMS consent manager and how it helps your users protect their privacy.

Wrap-up

Depending on your organization’s location and where you do business, you may or may not be legally obligated to publish a privacy policy. Regardless, doing so helps build trust between you and your visitors. And now you know how to update and publish your privacy policy using Drupal CMS.

Back to top