The privacy policy is the public-facing transparency document that explains how the business processes personal data. The legal requirement is set by Articles 13 and 14 of the UK GDPR, and the ICO expects policies to be specific (not generic), accurate (reflecting what the business does), and accessible (in plain language and easy to find).
Why generic privacy policies fail
Generic privacy policies copied from templates regularly fail all three of those tests: they list lawful bases the business does not rely on, they reference processing activities the business does not carry out, and they are written in the kind of legalese that makes them functionally unreadable.
A good privacy policy is tailored, specific, and honest about what is being done with the reader's data.
If your business collects or processes personal data in any form (through a website, contact form, mailing list, or CRM), you are legally required to have a privacy policy that complies with UK GDPR.
Example: a typical scope and fixed fee
For a UK business needing a website privacy policy, the typical scope looks like this.
What's included
- A consultation to understand what personal data you collect and how you use it
- Drafting of a privacy policy covering data controller details, lawful bases, data categories, retention, rights, and international transfers
- One round of revisions based on your feedback
- Final version ready to publish
What's outside this scope
- Cookie policy (see Cookie Policy)
- Data protection registration with the ICO
- Tax advice
Fixed fee: £275, no VAT.
How I will approach your matter
Once you have instructed me, I will take the time to understand what personal data you collect and how you use it, then draft a tailored policy that is clear, compliant, and ready to publish.
To instruct me, or to talk through whether this is the right service for your matter, email geoffrey@caesar.co.uk. I aim to reply within 24 hours.