How do you make your web site GDPR and Data Protection Bill compliant?

Make your web site GDPR and Data Protection Bill compliant in 10 minutes!

If you are an SMB, micro business or a sole trader, your main or even exclusive marketing and communication tool is your web site. If your organisation is employing fewer than 250 employees and does not process sensitive (special category) personal data, according to the article 30 of GDPR the documentation requirements are limited to certain types of processing activities, however the right to be informed still apply for your web site visitors, clients and subscribers. Our online non-intrusive toolkit can help your web site to meet the requirements of the EU General Data Protection Regulation and Data Protection Bill quickly and effectively.

Create your Privacy Policy with our online wizard


Industry specific privacy policy templates for the following sectors:


Sports club excluding accommodation

Agricultural services

Software development companies

Automobile repair

Training/courses online


Training onsite/Groups/Courses

Beauty/Hair/SPA salon

Translation services

Betting or gambling online

Travel agency

Building/Architecture/Construction/ Plumbing&Heating/Electrical services/Brickwork

Veterinary clinic

Business consulting and management

Web or graphic design services

Car/Van renting


Cleaning services

Charity & Non-profit organisation

Dress maker/Dress&Shoes repair/Clothes cleaning

Alternative medicine

Financial planning/Pensions/Investment

Beauty clinic



IT, computer &Technology company

Language school with accommodation

Language school with no accommodation

Medical/Healthcare clinic


Psychologist/Counselling services/Therapist


Security/CCTV/Alarms Advanced

Marketing and advertising services

Sports club with accommodation

Photography services


Printings services

Nursery/Kindergarten/Private school/Supplementary education provider for children below 13

Real estate

Retail sales

What it covers?

1. 'Privacy Policy' — statement document, you can create answering a few questions of our wizard, obligatory to be compliant with the GDPR Right to be informed;

The privacy policy covers all the GDPR requirements as for the Right of the individuals to be informed:

- The name and contact details of your organisation (The data controller identity)

- The name and contact details of your representative where applicable

- The contact details of your data protection officer where applicable. Our DPO365 service is also available under subscription.

-Categories of data subjects and of the categories of collected data by the site

- Use of the data or purposes of the processing

-Lawful basis for processing automatically applied depending on your sector

- The categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;

- where applicable, transfers of personal data to a third country

- The envisaged time limits for erasure of the different categories of data;

2. Once created, you can download your privacy statement in Word format, edit it and place to your web site.

3. Banner for cookie and analytics consent; Location and IP address collection consent; anonymised behaviour analytics consent

Useful information

General Data Protection Regulation (GDPR)

Is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify the personal data protection for all individuals within the European Union (EU). It becomes enforceable from 25 May 2018

Under the GDPR, the data protection principles set out the main responsibilities for organisations. You can find more information on Information Commissioner's Office Guide to the General Data Protection Regulation (GDPR) for Organisations:

Data Protection Bill

The short definition is that Data Protection Bill applies same standards as GDPR but adjusts those that would not work in the United Kingfom national context as GDPR gives member states limited opportunities to make provisions for how it applies in their country.

You can find more information on Information Commissioner's Office Guide to the Data Protection Bill:

Personal Data

The GDPR applies to 'personal data' meaning any information relating to an identifiable natural person who can be directly or indirectly identified in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This means that the Internet Protocol address (IP address) and location data are considered personal data if a natural person can be directly or indirectly identified with these identifiers.

If you are sending marketing to someone within an organisation using an email address like this,, or contacting a specific individual using a phone number identified with them, then you will be processing personal data and you will therefore need to follow the requirements of GDPR in terms of how you process that data.


Any freely given specific and informed indication of individual's wishes by which the data subject signifies his agreement to personal data relating to him being processed.

The GDPR sets a high standard for consent. Consent requires a positive opt-in. You can't use pre-ticked boxes or any other method of default consent to send marketing communications or newsletters to your clients. Organisations now need an individual's consent before they can send marketing texts or emails. The clearest way of obtaining consent is to invite the customer to tick an opt-in box confirming that they wish to receive marketing messages.

Lawful basis for processing

For the purposes of GDPR and Data Protection Bill you must have a valid lawful basis in order to process personal data. Your privacy notice should include your lawful basis for processing as well as the purposes of the processing. This means you have to explain and be able to demonstrate why the collection of personal data is necessary.

There are six available lawful bases for processing: Consent, Contract, Legal obligation, Vital interests, Public tasks, Legitimate interests.

'No single basis is 'better' or more important than the others - which basis is most appropriate to use will depend on your purpose and relationship with the individual.

The default lawful basis for processing used in the wizard are different depending on your sector.

This site uses cookies and different analytics technologies to monitor how you interact with our Website and collect your browser technical configuration data. By continuing to browse this site or by clicking I Accept you agree to the storing of cookies on your device. Please visit our privacy policy to find more information about cookies.