Create a Document in 3 Easy Steps
1. Get Started
Choose Your Form or
Location to Begin
2. Answer Questions
Complete Your Document in Minutes
3. Download Document
Download and Print your PDF
- if you are collecting and processing personal data or information on your website.
- To ensure that you comply with the UK & EU data protection laws.
- the type of data collected on your website
- what the data is used for
- other linked websites
- the security of the data and who has access to it
- cookies; and
- what happens if the data is transferred outside Europe
If you are an online business in the UK, and collecting and processing personal data, you must comply with the GDPR and UK data protection laws. This policy’s purpose is to ensure that your website complies with the obligations under the law and obtains the users’ consent to process their data as required by law.
What or who is a Data Protection Officer (DPO)?
The Data Protection Officer’s role is to help your business with compliance with Data Protection Law. They should advise you of your data protection obligations and make any necessary recommendations for changes you need to make to ensure compliance. They also liaise between the data subject (the person whose data it is) and the Information Commissioner’s Office (ICO). The ICO is the Regulator who reviews situations where a breach has occurred. If a business is in breach of the Data Protection Laws, they could be reported to and investigated by the ICO. The penalty for non-compliance is a fine.
What kind of information will be collected from users on my website?
Everything depends on what your reasons are for collecting the data on your website. If you are an e-commerce site and users are purchasing goods on your website, you may want to take their personal data such as name, address and credit/ debit card details. Personal data also includes things such as IP addresses, aliases, personal opinions, or anything that could be used to identify an individual.
What do you mean by storing cookies?
What are cookies? They are small text files that can be stored on any visitor to your site’s hard drive or browser and are generally used to collect personal data. Cookies gather information about how the user uses your website and allows your website to recognise the user when they return to your site as an existing customer. Data protection law gives the user of your website protection from cookies being stored on their hard drive or browser and lets them opt-out of cookies being used.
This all depends on how your business is set up. If you are a UK registered company or partnership, you must disclose some essential information about your business on your website.
- Your Company Name;
- Your Company Registration Number;
- The Place of Registration (e.g. England and Wales);
- Your Registered Office Address; and
- Business Contact details.
If you are set up as a sole trader, you must show the contact address of your principal place of business.
What is meant by an Information Management Security System (IMSS)?
The IMSS is the systems and processes set up to manage your businesses data by protecting the information. An IMSS aims to reduce the risk for the organisation and ensure business continuity by reducing the impact of any security breach, and are developed specifically in line with your organisations set up.
General Data Protection Regulation (EU) 2016/679. What is this?
The General Data Protection Regulation (GDPR) came into effect in 2018 and is a European law that applies to all EU Member States.
Data Protection Policy