UK GDPR compliant privacy policies, data processing agreements, data sharing agreements and individual rights letters for England and Wales. ICO-aware. From £4.99.
Termsmith covers the full spectrum of UK GDPR compliance documentation for businesses in England and Wales — from the privacy policy and cookie policy required by UK GDPR Articles 13 and 14 and PECR 2003, through the data processing and data sharing agreements required under UK GDPR Article 28 and the ICO Data Sharing Code, to the individual rights letters used by data subjects to exercise their Article 15, 17 and 21 rights. Every document is designed by a practising English solicitor with ICO registration ZC118916.
UK GDPR Article 28(3) requires a written data processing agreement whenever a controller engages a processor to handle personal data on its behalf. This is a legal requirement, not a best-practice recommendation. The DPA must specify the subject matter, duration, nature and purpose of processing, the type of personal data, and the processor's obligations including security, sub-processor restrictions, and audit rights. A DPA that fails to describe the actual processing has no legal effect.
Data subjects have the right to access (Article 15), erasure (Article 17), and to object to processing (Article 21) under the UK GDPR and Data Protection Act 2018. Controllers must respond within one calendar month. Termsmith's individual rights letters are formal, citation-complete requests that trigger the statutory deadlines and warm the ICO complaint and court order routes if the controller fails to comply.
Loading interactive view…