GDPR Policy Template for UK Businesses

UK GDPR compliance requires more than one document. Get a complete set of data protection policies tailored to your business — covering UK GDPR, the DPA 2018, and the Data (Use and Access) Act 2025.

Get all 6 documents — £39 Data Protection Policy only — £15

Instant PDF & Word download · 14-day money-back guarantee

What GDPR documents does your business need?

UK GDPR compliance is not a single document — it requires a suite of policies covering how your business collects, uses, stores, and protects personal data. The core requirements for most UK small businesses are:

Privacy Policy — external document explaining to customers how you use their data
Data Protection Policy — internal document for staff covering your data handling procedures
Data Retention Policy — sets out how long you keep different types of data
Employee Privacy Notice — explains to staff how you process their personal data

Larger businesses or those handling sensitive data may also need a Data Breach Response Procedure and Subject Access Request Procedure, both included in our Professional plan (£69).

The Data (Use and Access) Act 2025

The DUAA 2025 received Royal Assent in June 2025 and introduced important updates to UK data protection law, with key provisions taking effect from February 2026. All our documents are generated to reflect these changes.

Get your GDPR compliance documents today

£15

Data Protection Policy

Single document

Get this document

£39

Essentials plan

Get all 6 documents

£69

10 docs incl. breach procedure & SAR

Professional plan

Get all 10 documents

Common questions about UK GDPR

Does UK GDPR still apply after Brexit?

Yes. The UK retained GDPR in domestic law as the UK GDPR when it left the EU. It is enforced by the ICO and applies to all businesses that process the personal data of UK residents, regardless of where the business is based.

What documents do I need for UK GDPR compliance?

At minimum you need a Privacy Policy and a Data Protection Policy. Depending on the size and nature of your business, you may also need a Data Retention Policy, Employee Privacy Notice, Data Breach Response Procedure, and Subject Access Request Procedure.

What is the Data (Use and Access) Act 2025?

The Data (Use and Access) Act 2025 received Royal Assent in June 2025 and updates UK data protection law. Key changes affecting small businesses took effect from February 2026. All our documents are generated to reflect these updated requirements.

What are ICO fines for GDPR breaches?

The ICO can issue fines of up to £17.5 million or 4% of global annual turnover for serious breaches. For less serious infringements the maximum is £8.7 million or 2% of global turnover. The ICO also issues reprimands, enforcement notices, and orders to stop processing.

All 14 UK compliance documents

Privacy Policy Data Protection Policy Data Retention Policy Health & Safety Policy Risk Assessment Employee Privacy Notice Cookie Policy CCTV Policy Data Breach Procedure SAR Procedure Acceptable Use Policy Social Media Policy Fire Safety Policy Lone Worker Policy