UK GDPR compliant Privacy Policy — tailored to your business. Covers DUAA 2025 changes, lawful basis, individual rights and ICO complaints. From £4.99.
A Privacy Policy is the document a controller publishes to satisfy the transparency obligations of Articles 13 and 14 of the UK GDPR. It tells data subjects what personal data is collected, why, on what lawful basis, who it is shared with, how long it is kept, and the rights they have over it.
Any business that processes personal data — through a website, an email list, a customer database, a job application form, a contact form, analytics or marketing — needs a Privacy Policy in place before processing begins. Failure to provide one is itself a breach of UK GDPR Article 13.
Controller identity and contact details, categories of personal data, purposes and lawful bases for processing (UK GDPR Article 6), data sharing and recipients, international transfers (post-DUAA 2025 'materially lower' test), retention periods, data subject rights including the right to complain to the ICO, automated decision-making disclosure under Articles 22A–22D, and cookie processing where applicable.
Loading interactive view…