Getting your privacy policy in place is one of the key steps to becoming GDPR compliant. It’s also a great opportunity for you to build a relationship of trust with your customers, and present yourself as an open and honest organisation.

It can seem like a daunting task, but it doesn’t need to be. A big part of the new GDPR data laws is that data protection and data policies have to be easy to understand and accessible to all. This means your policy needs to be short, concise and easy to read, not wordy or complex. A 200-page policy that no one ever reads is not really acceptable any more, but this is good news, because it means you don’t have to write a 200 word essay!

What information do I need in my GDPR compliant privacy policy?

The following questions should be considered when writing a privacy notice:

  • What information is being collected?
  • Who is collecting it?
  • How is it collected?
  • Why is it being collected?
  • How will it be used?
  • Who will it be shared with?
  • What will be the effect of this on the individuals concerned?
  • Is the intended use likely to cause individuals to object or complain?

Here are some useful guides and toolkits:

Documents to download

GDPR Privacy Notice Toolkit – by We Will Thrive
Privacy Notice Checklist – Information Commissioner’s Office

What do I do now?

In order to comply with GDPR, you will need to write your own privacy policy and display it on your website in an easily accessible place (e.g. your footer menu). We are happy to help, so please don’t hesitate to get in touch if you need any help or advice.

Read our privacy policy