Privacy Policy Compliance Check

Check whether your privacy policy covers everything UK GDPR requires.

✅ Free ⏱ 6 minutes 🤖 AI-powered

Why this matters

A privacy policy isn’t just a legal formality — it’s the document UK GDPR requires you to provide so people understand what data you collect, why, how long you keep it, and what rights they have. Articles 13 and 14 of UK GDPR set out specific information that must be included, and the ICO has published guidance on what “fair processing information” looks like in practice. Many small-business privacy policies were copied from templates years ago and don’t reflect what the business actually does with data today.

An outdated or generic privacy policy is one of the most common issues the ICO flags when it investigates a complaint, because it’s often the first thing checked. If your policy doesn’t match your actual practices — for example, it doesn’t mention a tool you now use to process payments or run email marketing — that mismatch itself can be treated as a transparency failure, separate from any issue with the underlying processing.

What you'll need

  • Your current privacy policy (if you have one)
  • A list of what personal data you collect and why
  • A list of any third-party services that process personal data on your behalf
  • Your data retention practices

What you'll get

A personalised compliance report covering: a score out of 100, an executive summary, a list of findings ranked by severity, and a prioritised action plan with timeframes.

This check reviews your privacy policy content against UK GDPR’s transparency requirements and highlights any gaps or outdated sections.

General guidance only — not legal advice. Consult a qualified UK solicitor for specific issues.