UK GDPR Website Privacy Policy

Organisation name *

Registered address *

Contact email *

Contact phone (optional)

Website URL *

Company registration number (optional)

ICO registration number (optional)

Policy effective date *

Note: Under UK GDPR, organisations that process personal data must register with the ICO and pay a data protection fee unless an exemption applies. Visit ico.org.uk to check your registration status.

Personal data collected (optional)

List the categories of personal data your website collects.

Primary lawful basis for processing *

Data retention period *

State how long you retain personal data, or the criteria used to determine the retention period.

Data storage location

Important: UK GDPR Article 6 requires you to identify a valid lawful basis for each processing activity before you begin processing. You cannot retrospectively change the lawful basis.

Third-party service providers (optional)

List the specific third-party services you use that process personal data.

Data shared with

International data transfers

Cookie policy summary

Important: Since the UK left the EU, international transfers from the UK require specific safeguards under UK GDPR Articles 44-49. Transfers without adequate protection can result in ICO enforcement action and fines up to 17.5 million GBP or 4% of global turnover.

Rights to include

How to exercise rights

ICO complaint information

Policy update procedure

Data Protection Officer appointed?

Important: This privacy policy template is designed to help you comply with UK GDPR, the Data Protection Act 2018, and PECR. Every organisation's data processing activities are different. You should review this policy with a qualified data protection professional to ensure it accurately reflects your specific processing activities.