FAQ about GDPR

We provide the most comprehensive and best value GDPR-compliant document package available. Here are just a few of the key benefits:

Most compliant. All of our documentation has been specifically drafted to comply with the GDPR and to provide you with as much legal protection for your business as possible. We have even gone the extra mile and had our documents reviewed by a US attorney to ensure their compliance with relevant extra-territorial non-EU legislation, such as the The California Online Privacy Protection Act (CalOPPA), as well as the Children’s Online Privacy Protection Act (COPPA). Our products far exceed the quality of other templates available online, many of which have not been reviewed or approved by a solicitor, attorney or lawyer and which fail to comply with relevant legislation, putting your business at risk of enormous fines and penalties.

Most flexibility. Our documents and guidance notes describe the full range of options available to you to achieve compliance with relevant UK and EU legislation, while focusing on the most straightforward, convenient and low-cost options, saving you both time and money.

Best guidance available. No competitor offers anywhere near as much useful guidance for tailoring the documentation to your website and business. This can save you huge sums of money in legal fees, which quickly and easily run into the thousands of pounds.

Best value. No competitor offers you the level of comprehensive documentary protection, advice and resources for the price of our website documentation. The only real alternative for getting high quality documentation for your website is to find a reputable data protection specialist or lawyer, which often costs thousands of pounds, so purchasing our website documentation is your easiest and most cost-effective solution by far, saving you an estimated 90-95% off the cost of a solicitor or lawyer.

Independently verified. Our template documents have been reviewed for suitability and GDPR compliance by not only ourselves but also by an independent UK solicitor, UK barrister. We have also had our documents reviewed for compliance with relevant US legislation by a US attorney. No other document provider can claim this level of investment in their document templates.

ICO and Article 29 Working Party Guidance considered. Our documents have been prepared using the latest

ICO and Article 29 Working Party guidance available. Our documentation is therefore not just compliant but effectively ‘gold-plated’, allowing you to go further than your competitors and adopt best practice, offering your business even greater protection and improving customer trust and confidence. Moreover, when it comes to enforcement, the ICO has stated that it will consider whether a business has followed best practice when considering whether a business has breached data protection law.

Unlike other companies purporting to offer similar documents, we haven’t just taken old documentation and made minor adjustments. Our documents and guidance notes were drafted from scratch for the specific purpose of complying with the GDPR. We have done this because we believe it is the only way to provide the highest possible level of compliance with the GDPR and to visibly demonstrate your compliance with the new regime. Moreover, all of our documentation has been carefully considered each of the relevant provisions of the original legislation as well as official guidance from the ICO and the Article 29 Working Party.

If that were not enough, we have also had our documents reviewed and approved by a UK solicitor and UK barrister and by a US attorney for compliance with US legislation. You can therefore rest assured that with our website documentation, you will be using the latest, most up to date and state of the art documentation for your website.

Yes, the documents we provide are templates and you must tailor them to ensure that they are relevant to your particular website and business. While we have prepared the documents for use by the vast majority of websites and businesses, they will invariably need to be tailored to the specific features and functionality of your website and for what your business does with personal data. The cookies policy, for example, will require you to delete references to any types of cookies that you do not intend to use. All such adjustment options are made clearly visible in the documents themselves, and explained in full in the guidance notes accompanying them, so you should be able to do this yourself.

If you require modifications outside of the scope of the original documents and guidance notes, these are also possible, but we will not be able to guarantee that any such modifications that you make yourself will be compliant or fit for purpose. In this situation we would always recommend seeking appropriate advice. We offer a bespoke document tailoring service, so please feel free to contact us at info@gdprprivacypolicy.org and we can provide you with a quote.

When you purchase your document package, the latest versions of all documents and guidance notes will be immediately downloadable or sent within 24 hours to the email address that you provided at checkout. If you have not received the documents within that time period, please email us at sales@gdprprivacypolicy.org.

If you have purchased a subscription or taken out a free 6 month trial to our Legal Update Platform, you will be provided with unique login information to the customer area of our website. Once you have logged in, you will have access to the latest versions of all the documents, all guidance notes, and all the additional content available exclusively to subscribers, such as legal updates, summary guidance notes on new information provided by the data processing authority, and template responses to data subject requests.

The laws of most countries, including the UK, require you to provide a variety of information on your website. For example, the Electronic Commerce Regulations 2002 (SI 2002/2013) require businesses to provide specific information about their identity and other business information. The Data Protection Act 1998, soon to be replaced by the General Data Protection Regulation (GDPR), requires that businesses include privacy notices on their website setting out what a website owner does with personal data they collect from users and how they treat it. Similarly, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) require that website owners notify users about the use of cookies and that they obtain appropriate consent from those users before placing them on their users’ browser or computer.

These laws (as well as numerous other pieces of legislation) mean that website owners need to provide a great deal of information on their websites, usually in the form of a set of terms of use, privacy policy and cookies policy, and links to them on every page of the website.

The General Data Protection Regulation (GDPR) will introduce a broad range of new and specific requirements for privacy policies and these differ substantially from requirements under current law. Many of the new requirements, such as the right to data portability, will not feature in privacy policies which were drafted for the current Data Protection Act 1998. Furthermore, a large amount of regulatory guidance from the Information Commissioner’s Office (ICO) and other legislation governing what should be included in privacy policies has changed over time. Due to the extensive changes which will need to be made to your privacy policy, it is far more efficient and effective to prepare your website for GDPR with a privacy policy specifically designed to comply with it rather than than to try to update an existing privacy policy which was never designed with GDPR compliance in mind. This is all the more the case because of the risk of serious fines for failing to update your privacy policy properly, so you need to be confident that your privacy policy is compliant.

Website terms of use are an important document with several functions:

• they contain mandatory information which website owners are required by law to provide to their website users;
• they set out the basis on which users are permitted to access, use and interact with the website and prohibit undesirable or unlawful conduct and any harmful practices;
• they exclude the website owner’s liability to users and third parties as far as legally possibly, including liability for inaccuracies, user-generated content and content on any linked sites;
• they describe the availability of the website and exclude representations of suitability for purpose and viewing on different platforms;
• they detail any requirements for registering on the site (such as age restrictions); and
• they incorporate other important policies and documents by reference, such as the privacy policy, cookies policy and (where applicable) terms of sale.

The vast majority of websites, even those with limited or no interactive functions, place cookies on users’ browsers or computers every time they visit the website. There are numerous different types of cookies, all with different functions, and not all of which are fully in the control of the website owner. With very limited exceptions, website owners are required to notify users of the types of cookies and purposes for which they are used and to collect an appropriate form of consent for their use. Cookies policies, together with pop-up notifications, are a necessary and effective method of obtaining the appropriate consent for the use of cookies on your website.

If you are unsure whether you use cookies on your website, you should check using appropriate tools or contact your website developer. If you use Google Analytics, Google Adwords, Facebook Pixel or any other tracking technology on your website, you are required by law and by those third parties’ terms and conditions to have a cookies policy setting out how you use those technologies. If you embed videos, chat functions, comments sections, contact forms or any other third party functionality on your website, it is highly likely that you will need a cookies policy.

Our cookies policy and accompanying guidance note is one of the best available and can help you with all of these issues, providing you with the practical advice you need to tailor your cookies policy to your website’s specific requirements as well as to the latest software and third party cookies commonly used by websites today (such as Google Analytics, Facebook Pixel, and more).

Many e-commerce websites have a single set of terms and conditions relating to orders or purchases placed on their website, usually referred to as the ‘terms of sale’. These are unlikely to include many of the general terms of use designed to protect the website owner from unauthorised use of the website and to limit their liability to their users and other third parties. Moreover, these terms of sale are normally only visible at the point of purchase, some time after the user has had access to the site, or they are not brought to the user’s attention at all, reducing the likelihood that they will be legally enforceable. This means that the entirety of the user’s use of the site up until that point will not be governed by those terms, and to that extent, they will be ineffective. A separate notice, setting out the full terms and conditions upon which the site is made available to users, known as a website’s ‘terms of use’, should be accessible from the moment the user first accesses the website and available via a link on every page.

A full description of how terms of use should be used, including how they should be used alongside terms of sale for e-commerce sites, as well as practical advice as to where tick-box consent is needed before a user is bound by terms of use, is contained our guidance notes accompanying our comprehensive terms of use template.

Even the best and most carefully drafted documents need to be updated to reflect changes in law.
The law is constantly changing and although major changes in law like the GDPR do not come round often, the interpretation of laws changes over time as new decisions are made by judges in court cases, exemptions in national and secondary legislation are applied, and new guidance from regulators like the Information Commissioner’s Office (ICO) or interpretative bodies like the Article 29 Working Party are issued. Therefore, while all of our documentation has been drafted for compatibility with the GDPR and all other applicable legislation at the time of purchase, our documents will invariably be required to be updated for new laws affecting websites (e.g. the new e-Privacy Regulation), the new Data Protection Act being prepared by Parliament, changes in law as a result of Brexit and continually changing interpretations of the law. We provide periodic updates of our guidance notes to describe the latest official practices and upload regular content to assist businesses with new methods of ensuring that their data processing activities are fully compliant with applicable legislation.

It is essential for all businesses dealing with personal data to remain up to date and to ensure that their documentation and practices accord with the latest interpretations of the legislation and changes in law so they can ensure compliance and avoid potentially catastrophic and crippling fines. At only £25 +VAT per year, our Legal Update Platform is the most cost-effective way to achieve ongoing legal compliance for your website and costs a fraction of what it would cost to pay a solicitor or other professional to provide you with a similar service.

Our Legal Update Platform subscription includes:

• access to the latest versions of our Terms of Use (including User Content Agreement), our Privacy Policy and Cookies Policy;
• access to the latest versions of all guidance notes to help you adapt of all our website documentation for your website. These contain up-to-date and user-friendly tips and advice to help you ensure that your documents and practices comply with relevant data protection rules;
• template response letters to help you respond to subject access requests, saving you precious time and money when handling such a request;
• guidance notes for handling subject access requests, ensuring you know what you have to provide and when you have to provide it by;
• practice notes on key GDPR issues such as consents, cookies, reporting breaches and pseudonymisation (amongst others);
• legal updates following developments in case law, ICO guidance and secondary legislation, outlining their impact clearly and simply and setting out any practical steps you need to take as a consequence; and
• regulatory guidance summaries, concisely outlining the key points from ICO guidance, so you can take relevant actions quickly and effectively and avoid the need to read through lengthy guidance notes.

Subscriptions are incredibly affordable and cost-effective at just £30 + VAT a year! In addition, customers who purchase our document packages will also be given the opportunity to enjoy a 6-month free, no obligation trial period for all subscription content.

The rate at which legal updates are provided varies based on a range of factors, but primarily based on the rate at which the law changes or relevant guidance from the ICO or Article 29 Working Party is issued.

We will update our document templates following any relevant changes in law and update our guidance notes regularly, at least every time new guidance materials are published by the ICO or other authorities, or whenever new case-law affects a relevant practice. We will add summaries of new regulatory materials whenever they are published, and will generally add new additional content as often as possible to answer questions we frequently receive and to provide helpful advice in relation to key topics in data protection such as marketing, cyber-security and consent.

Yes. All subscribers to our Legal Update Platform will receive email notifications every time we update or upload new documents, so you will be aware of any changes as soon as we make them.

If you are not receiving email notifications at all, or as often as you are expecting, please check your spam folders for emails from GDPR Privacy Policy and add our address to your white-list of genuine senders. This should prevent you from missing out on key updates in the future.

We are also working on a new system that will allow subscribers to select their own preferences for when they wish to receive notifications. If you only want to hear about new versions of the template documents and not the guidance, that’s fine!