Iubenda logo
Start generating


Table of Contents

Privacy Policy Template for Small Business UK

Do I still need a privacy policy if I’m a small UK business? The continued updates in EU privacy laws and Brexit may have confused you about what you actually need. We’ll cover some of those frequently asked questions and talk templates in this short post. 

Privacy Policy Template for Small Business UK

GDPR after Brexit, does anything change?

The GDPR, which used to be binding law in the UK until Brexit took effect on Dec. 31st, 2020 (Read more about the GDPR and when it applies here.), is now, for the most part, still applicable in the UK as “UK GDPR” as long as no new national data protection act or legislation is passed.

We have an article dedicated to GDPR & Brexit – What it means for businesses and the impact on data protection, which you can access here for further reading. 

Is a privacy policy required?

No matter what size, if your business is based in the UK, you need a privacy policy if you gather personal information from users. This also includes mobile apps, a blog, an eCommerce, and a newsletter. It’s required by law and can be required by third-party services.

The following are the most fundamental components of a privacy policy:

  • Who owns the website/app?
  • What information is being gathered? How is that information gathered?
  • What is the legal justification for the collection?
  • What precise reasons are the data collected for?
  • The types of sources from which you obtain personal information on consumers
  • What other parties will have access to the data?
  • Details about cross-border/international data transfers, including any safeguards to ensure their safety and compliance, when relevant.
  • What are the rights of users?
  • Process for informing users and visitors of changes or modifications to the privacy policy
  • The date on which the privacy policy goes into effect

Can I use a basic template?

The truth is that the subject of privacy rules is quite complex. As a result, a template for a privacy policy must consider various factors, such as what you are doing on your website that is privacy relevant, not to mention where you and your users are located. That’s difficult to handle when you consider the dozens and dozens of relevant things you may be doing on your site. So… 

How iubenda can help you create a privacy policy

Privacy information must be up to date, comprehensible, unambiguous, and easily available throughout the website to meet GDPR disclosure and transparency standards.

The GDPR can apply to you whether you live in the EU or have EU users, and the repercussions of non-compliance can be severe. To be compliant, your policy must include at the very least:

Disclose the personal data gathered and the purposes for which they were obtained; provide an accurate list of all third parties with whom the data is shared, and notify users of their data rights.

See this GDPR-compliant privacy policy created with our generator for an example of how these elements come together. Click on the button to open the document: 

Just click on the button to open it! 

Privacy Policy

iubenda makes it easy to comply with legal requirements across multiple countries’ legislation (including the GDPR). With hundreds of available clauses, our privacy policies contain all the elements commonly required across many regions and services while applying the strictest standards by default – giving you the option to fully customize as needed.