Under the GDPR a Privacy Policy is absolutely necessary to each and every website where personal data are processed. Websites, e-shops, social media and blogs must have Privacy Policies, when there is a contact form, a login function or users may create accounts or even send their data without creating an account. Users are Data Subjects, and websites' owners are considered Data Controllers. And Data Controllers must inform users about the ways their data are processed, and their rights towards this processing.