Data protection information notice

Price:  £19.50(Inc. 20% VAT)(£16.25 Exc. VAT)

This data protection notice will help data controllers to comply with the disclosure requirements of the EU and/or UK GDPR.

Author: Alasdair Taylor
Updated: 4 January 2021
Length: 7 pages
Notes: 10 pages
Format: MS Word (.DOCX)

Both the EU and UK GDPRs require that businesses and other data controllers provide information to data subjects (i.e. individuals) about the personal data that they collect and process. This template data protection notice, prepared with reference to both the statutory rules and the regulatory guidance from the EU and UK authorities, has been drafted to assist with these disclosure obligations

This data protection notice It comes in three versions, covering:

  • individual customers and the personnel of corporate customers;
  • freelance personnel; and
  • the personnel of suppliers and services providers.

The data protection notice lays out the different types of personal data that could be processed, and the legal bases of that proceeding. For example, processing may be based on consent, the performance of a contract, or legitimate interests. In this last case, the specific interests should be identified in the notice.

The persons to whom the data is disclosed should also be identified in the data protection notice, as should details of international transfers (outside the EEA/UK).

If data is collected from some person other than the data subject, then the method of data collection should be described in the data protection notice. In this case, the data controller must provide the notice to the data subject "within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed" (Article 14(3), GDPR).

With reference to the "suppliers" version of this notice, relatively few businesses produce data protection information notices for supplier personnel. Nonetheless, businesses often act as data controllers with respect to the personal data of such personnel.

If you are looking for a single data protection notice for both your website users and your customers, you should look at our privacy policy and privacy documents rather than this notice.


  1. Introduction
  2. How we use your personal data
  3. Providing your personal data to others
  4. International transfers of your personal data
  5. Retaining and deleting personal data
  6. Security of personal data
  7. Amendments
  8. Your rights
  9. Our details
  10. Representative within the European Union
  11. Data protection officer

Copies of this data protection notice are included in each of these packs:

Be the first to write a review of this template using our brand new review system.