To comply with the Data Protection Act 2018 and the EU e-Privacy Directive 2011 (also known as the Cookie Law), you must include a privacy policy on your website if it is based in the EU or targeting EU users, and you must obtain ‘informed consent’ from your website’s visitors before saving cookies on their machine.

A privacy policy is a legal notice or disclosure document which specifically states what kind of personal data you will collect from users, how and why you will collect that information, and how the data will be used and/or stored. The privacy policy must also explain how your website uses cookies and/or any other tracking technologies, and it should provide options for deleting, rejecting or controlling them.

Privacy policies should be written in clear language that your target users can easily understand. Each policy should be unique and drafted by a qualified lawyer specifically for the business in question, and complicated legal terms should be avoided.

It is recommended that a link to your privacy policy is included in the footer of all your website’s pages, so it can be readily accessed no matter where users are on your site.

It is important to have a privacy policy in place because it reassures your site’s users that your business conforms to all aspects of the Data Protection Act, giving users the peace of mind that their identity will be protected from theft or fraudulent use. In any case, with the General Data Protection Regulations coming into force in May 2018, a privacy policy is not optional and there can be severe fines imposed by the UK Information Commissioner’s Office if a complaint is made about your website not having a privacy policy.

In the case of e-commerce websites in particular, where credit card information may be required, a privacy policy allows consumers to feel confident that their sensitive data will be safe.

As the rates of identity theft and credit card fraud continue to rise, the misuse of personal data has become an increasingly pressing concern for anyone browsing websites. Notifying visitors of how your website handles their information can be critical to the success of your business, as your privacy policy may influence a user’s decision as to whether or not to visit or trade with your business.

Additionally, in drafting your unique privacy policy with a lawyer, you will be forced to examine all areas of your website’s data collection. This can actually prove useful when considering how you may be underutilising information for legitimate marketing purposes.

One of the most detrimental mistakes a business can make with respect to data protection regulations is simply copying and pasting another website’s privacy policy which does not accurately represent your business’ data collection policy.

For example, your business could face legal claims if your policy states that it will not share other users’ information with any third party, when you in fact must share user data with third parties like courier services, hosting companies, or banks.

The only way to ensure your company is fully protected from legal action with respect to data protection is by having a specialist lawyer draw up your unique privacy policy before commencing online trading, and then of course, you must adhere to your policy in full.

For more information on data protection laws or for expert advice on preparing your privacy policy for your website, contact us on 020 3475 6751 or via email at

This content is not intended to be used as a substitute for specific legal advice or opinions. No recipients of content from this site should act or refrain from acting on the basis of content of the site without seeking appropriate legal advice or other professional counselling.