GDPR compliant privacy policy

Is your website GDPR compliant?

GDPR Compliance

The newly updated Data Protection regulations are here… make sure that your website is compliant by updating your existing Privacy Policy or creating a new one that covers all the necessary requirements to be GDPR compliant.

Several changes have been made that impact data protection regulations and compliance:

  • It applies to all companies that process personal data, regardless of the company’s location.
  • You must give users more information when collecting their personal data.
  • New regulations around gaining consent to collect data. Consent and explicit consent require clear actions.
  • The age barrier for collecting data is rising from 13 to 16.
  • You must delete data that you’re not using for the original purpose.
  • People can revoke consent to data processing any time and it must be easy for them to do. More control must be given to the users.
  • You have 72 hours to notify regulators of a data breach, unless the breaches are unlikely to be of risk to users.
  • There is now a national office for complaints.
  • Large data controllers must appoint Data Protection Officers.
  • If you don’t comply with GDPR, you could be liable to fines up to £18,000,000 or 4% of total global annual turnover for the previous year.

Privacy Policy

Every website should contain the company’s privacy policy. This can help ensure compliance with Data Protection laws and the new GDPR changes for 2018. Your privacy policy should contain details of how you collect and manage user data, user rights, cookie usage and other important compliance measures.

On the link below you will find a privacy policy generator that will help to create your own customised GDPR compliant privacy policy.

This sample privacy policy has already been adapted to the provisions of the EU General Data Protection Regulation. Utilising the sample text provided means you have less concern over compliance and correct terminology, so you can concentrate on the specific customisation for your core activities.

https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de/?lang=en

To create your own Privacy Policy that is suitable for use with the upcoming GDPR changes and data protection regulations in the UK, download and edit this template from SEQ Legal. It’s always advisable to have your legal documentation overlooked by a professional, there are links to help you with that in the template.

What Else?

As well as updating your privacy policy, you may need to add further information and fields to your contact forms if they are used for data collection. Your Terms of Service or Terms of Use may also need updating or altering if they contain relevant information.

Internal policies and procedures around data collection and management may need to be reviewed and adjusted. Key staff should be made aware of the new regulations, the changes implemented and how they impact your company.

What About 3rd Party Apps?

If you use a third-party app or platform such as MailChimp to store user data in the form of a mailing list, you’d be well advised to take a look at this fantastic document that their legal team have put together. Specifically created to help you understand GDPR and how it effects your business, with a focus on using MailChimp’s services.

“MailChimp is excited about the GDPR and the strong data privacy and security principles that it emphasizes, many of which MailChimp instituted long before the GDPR was enacted. At MailChimp, we believe that the GDPR is an important milestone in the data privacy landscape, and we are committed to achieving compliance with the GDPR on or before May 2018.” – MailCimp

What About GDPR and Brexit?

Well there is plenty of speculation around this subject and although this latest version of the UK GDPR will already have some differences to the EU, it’s likely there may be more changes to data protection regulations and the UK GDPR in the not so distant future. Follow the WHITE RABBIT Blog to be kept up to date with data protection compliance in the UK and how it affects your website and online activities.

Guaranteeing GDPR Compliance?

This isn’t something to be taken lightly, the only way to truly ensure you are fully compliant is firstly to educate yourself on the requirements that affect your business and secondly seek professional advice on the legal intricacies of GDPR and your data processing.


The new GDPR regulations came into force on May 25th 2018, make sure you are up to date and compliant, there are several companies offering GDPR training and compliance assistance. Choose carefully and ensure they are working to the relevant GDPR regulations for your country.


image_printPrinter Friendly Version

Leave a Reply