Skip to content
Learni
View all tutorials
Développement Web

How to Write a Privacy Policy in 2026

12 minBEGINNER
RGPDConfidentialitéWeb
Lire en français

Introduction

A privacy policy is essential for any modern website. It informs users about the collection and use of their personal data. In 2026, GDPR compliance remains mandatory and penalties for non-compliance are higher. This tutorial guides you step by step to draft and integrate a clear, professional policy into your project.

Prerequisites

  • Basic knowledge of HTML and JavaScript
  • A code editor (VS Code recommended)
  • An existing or new web project
  • Basic understanding of GDPR

Create the HTML Structure

privacy.html
<!DOCTYPE html>
<html lang="fr">
<head>
  <meta charset="UTF-8">
  <title>Politique de Confidentialité</title>
</head>
<body>
  <h1>Politique de Confidentialité</h1>
  <div id="policy-content"></div>
</body>
</html>

This basic HTML file serves as the foundation for the privacy policy. It includes an empty div that will be populated dynamically for better maintainability.

Add GDPR Content

privacy.html
<section>
  <h2>1. Collecte des données</h2>
  <p>Nous collectons votre nom, email et adresse IP lors de l'inscription.</p>
  <h2>2. Utilisation des données</h2>
  <p>Les données servent à améliorer nos services et vous envoyer des newsletters.</p>
</section>

This section clearly defines the data collected and its purpose, a key point for GDPR compliance and user transparency.

Integrate the React Component

PrivacyPolicy.tsx
import React from 'react';

const PrivacyPolicy: React.FC = () => {
  return (
    <div className="policy">
      <h1>Politique de Confidentialité</h1>
      <p>Dernière mise à jour : Janvier 2026</p>
    </div>
  );
};
export default PrivacyPolicy;

This reusable React component displays the policy in a modern application while keeping the code maintainable and testable.

Handle User Consent

consent.js
function saveConsent() {
  localStorage.setItem('privacyConsent', 'accepted');
  document.getElementById('consent-banner').style.display = 'none';
}
window.onload = function() {
  if (!localStorage.getItem('privacyConsent')) {
    document.getElementById('consent-banner').style.display = 'block';
  }
};

This simple JavaScript script manages consent via localStorage. It complies with GDPR by requesting explicit user agreement before any data collection.

Next.js Page Configuration

app/privacy/page.tsx
export default function PrivacyPage() {
  return (
    <main>
      <h1>Politique de Confidentialité</h1>
      <p>Nous protégeons vos données conformément au RGPD.</p>
    </main>
  );
}

This Next.js route makes the policy accessible at /privacy. It is optimized for SEO and server-side rendering.

Best Practices

  • Update the policy with every major change in data processing
  • Use clear, accessible language without complex legal jargon
  • Include DPO contact details and a simple contact method
  • Add a link to the policy in the footer of all pages
  • Keep a history of previous versions

Common Mistakes

  • Forgetting to mention third-party cookies and their retention period
  • Not offering a data deletion form
  • Copy-pasting a generic template without adapting it to your business
  • Ignoring legal updates after 2025

Further Reading

Deepen your knowledge with our complete training on GDPR compliance and data protection. Discover our Learni courses.