Running a Compliant Business
How to Create a Privacy Notice
A step-by-step guide to writing a clear privacy notice that meets the Act and that people can actually understand.
What you will learn
- What a privacy notice is and why you need one
- The sections a good notice should include
- How to write it in plain language
- Common mistakes to avoid
Overview
A privacy notice is the plain-language statement that tells people how your business collects, uses, shares, and protects their personal data. It is one of the most visible signs that you take data protection seriously, and for most businesses it is the natural first step.
Why this matters
Being transparent is a core part of the first standard (), and the right to be informed is one of the data subject rights in the Act. A clear notice builds trust and reduces complaints, because people understand what to expect.
What to include
A good privacy notice usually covers:
- Who you are. Your business name and how to contact you about privacy.
- What data you collect. The categories of personal data, including any sensitive data.
- Why you collect it. The purposes and your lawful basis.
- Who you share it with. Processors, partners, or authorities, where relevant.
- How long you keep it. Your retention approach.
- People's rights. How they can access, correct, or object.
- International transfers. If you use overseas tools or storage.
- How to complain. Including the role of the Office of the Information Commissioner.
How to write it
- List the personal data your business actually collects and why.
- Note who you share it with and where it is stored.
- Draft each section in plain language using the list above.
- Have someone outside your team read it. If they are confused, simplify.
- Publish it somewhere easy to find and keep it up to date.
Good and bad examples
- Good. "We use your email address to send your order updates and, if you opt in, occasional offers. You can unsubscribe at any time."
- Bad. "We may process your data for various business purposes in accordance with applicable law." (Vague and unhelpful.)
Common mistakes
- Copying a generic template that does not match your business.
- Hiding the notice or making it hard to find.
- Writing it once and never updating it as your business changes.
Best practices
- Keep it specific to what your business really does.
- Review it whenever you add a new tool, partner, or data use.
- Link it wherever you collect personal data.
Put this into practice
Answer a few questions about your business and generate a privacy notice tailored to your sector.
Launch the Privacy Notice GeneratorFrequently asked questions
Key takeaways
- A privacy notice tells people how and why you use their personal data.
- Almost every business that handles personal data needs one.
- It should be clear, specific, and easy to find.
- The generator can produce a tailored notice in minutes.
