Data privacy and cookies

Data protection and privacy laws are particularly important for online businesses which handle personal electronic data or use cookies.

Get started

Create your Data protection policy

Answer a few questions. We'll take care of the rest

Data protection considerations

The Data Protection Act is designed to regulate the use of personal data by businesses and other organisations.

Anyone processing personal data must ensure that it is: used fairly and lawfully; not used beyond specifically stated purposes; used in a way that is adequate, relevant and not excessive; accurate and up-to-date; kept for no longer than strictly necessary; handled according to the data protection rights of individuals; kept secure and not transferred outside the European Economic Area (EEA) without adequate protection. Depending on how you use personal data, you may be required to notify the Information Commissioner’s Office (ICO). To find out whether your business needs to notify the ICO, take this self assessment.

Privacy and cookies

The Privacy and Electronic Communications Regulations set out certain online marketing obligations and govern the use of cookies (also known as the Cookie Law). 

Cookies are files stored on a computer’s browser by websites which can be used for various purposes, often related to marketing or advertising.

Websites cannot use 'non essential' cookies unless the consent of the user is expressly given - in other words users must first opt-in before such cookies can be deployed.

Non essential cookies are those which are used for analytical purposes or to assist with advertising. Even cookies which customise a website (such as providing a greeting message) are deemed to be non essential.

Essential cookies are generally those which enable an online checkout process to work properly - or if required for technical or security purposes.

There is no specific method which must be used to obtain consent to use cookies. Banners or icons which need to be clicked on to disappear are a popular method.

Failure to comply with the Cookie Law can lead to fines of up to £500,000.

A website privacy policy helps to reassure visitors that their personal data is protected and can assist in compliance with the Cookie Law. 

Email marketing: all recipients of an email marketing campaign should be clearly given a way of opting out of any further email marketing. Furthermore, the recipients should have originally opted in to receive emails, unless their contact details were obtained in the course of business.

Get started

Create your Data protection policy

Answer a few questions. We'll take care of the rest