
GDPR Compliance: Privacy Policy Template

What should a GDPR-compliant privacy policy include?
In this post, we’ll look at a GDPR policy template and list everything you may need to make your privacy policy compliant!

GDPR policy template

What is the GDPR?

The General Data Protection Regulation, at its most basic, specifies how personal data should be lawfully processed, including how it’s collected, used, protected or interacted with in general.

It’s meant to strengthen data protection for all people whose personal information falls within its scope of application.

What should a GDPR-compliant privacy policy include?

When you collect users’ data, the GDPR requires that you show a privacy policy, whether you run a website, an app, an eCommerce site or a newsletter (these are just a few examples).

Your privacy policy should be clear and unambiguous, up-to-date and easily accessible throughout your website or app. It should state, at the very least:

  • who is the site/app owner;
  • what data is being collected and how;
  • what is the legal basis for the collection;
  • what is the specific purpose of your collection;
  • which third parties will have access to the information and if any of them will collect data;
  • details relating to cross-border/overseas data transfer and which measures were put into place to facilitate this in a safe and compliant way (where applicable);
  • what rights users have;
  • a description of the process for notifying users and visitors of changes or updates to the privacy policy;
  • the effective date of the privacy policy.

As we said, these are just the basic elements.
For instance, you may also need to add the name and contact details of your Data Protection Officer (DPO), or EU representative if that applies to your company.

More on GDPR

This article is a part of our series on GDPR and GDPR compliance. Read also:

👉 GDPR cheat sheet: 15 things to know

GDPR Policy Template

Here’s a template of a GDPR-compliant privacy policy, generated with iubenda’s Privacy and Cookie Policy Generator.

Just click the button to open it!

Privacy Policy

Non-compliance can have strong consequences.

GDPR is well known for its hefty fines, which can amount to up to EUR 20 million (€20m) or 4% of the annual worldwide turnover, whichever is greater. But perhaps equally concerning are the other potential sanctions: official reprimands (for first-time violations), periodic data protection audits and liability damages.

How iubenda can help

iubenda’s set of tools can help you achieve GDPR compliance in minutes. You can access our full range of GDPR solutions here.

Do you need a privacy policy? Check out our Privacy and Cookie Policy Generator!

It allows you to create a lawyer-crafted, precise privacy policy and to seamlessly integrate it with your website or app.
You can either add any of our 1700+ pre-created clauses or easily write your own custom clauses using the built-in form.

The privacy policy also comes with the option to include a cookie policy, which is necessary if your website or app is using cookies. The policies are customizable to your needs and remotely maintained by an international legal team.
