Does my Business Website Still Need a Privacy Policy After Brexit?

February 14, 2022

By Stephen Thompson

The EU GDPR is an EU Regulation and it no longer applies to the UK. However, if your business operates inside the UK, you will need to comply with the Data Protection Act 2018.

The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. However, in practice, there is little change to the core data protection principles, rights and obligations.

Your business website should display a customer facing privacy policy, which will notify the visitors to your website about how it collects, uses and stores personal data (excluding special categories of personal data and data relating to criminal convictions and offences), through the use of your website, to enable you to provide goods and services.

As part of the UK GDPR principles, businesses must comply with the “transparency requirements”.

The transparency principles require all data controllers (your business) to notify data subjects (your customers) about their personal data handling practices through a privacy policy, at the time that data is collected. For an online business, that will usually be done via their website privacy policy.

A privacy policy informs data subjects about how your organisation collects, uses, stores, transfers and secures personal data.

In addition to a privacy policy, your business website should also notify users about your general website terms and also a cookie policy. In addition, you may wish to display your general trading terms of business on your website.

When collecting personal data from a data subject, as a data controller, the UK GDPR requires you to provide the data subject with the following information:

  • your business identity (meaning the name of the legal entity), contact details and details of its representative, if any

  • the contact details of your data protection officer (DPO), where applicable

  • the intended purposes of, and the legal basis for, the processing

  • where the processing is based on the “legitimate interest” ground, what legitimate interest is being pursued

  • the recipients or categories of recipients of the personal data, if any

  • where applicable, the fact that your business intends to transfer the personal data to a recipient in a country outside the UK or an international organisation, and the existence or absence of adequacy regulations or information about the appropriate or suitable safeguards adduced to secure the data and the means to obtain a copy of them

A business must also provide the data subject with the following information to ensure fair and transparent processing:

  • the period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period

  • the existence of the individual’s:

    • right of access

    • right to rectification

    • right to erasure

    • right to restriction of processing

    • right to object to processing

    • right to data portability

  • where processing is based on the individual’s consent, the right to withdraw that consent at any time

  • the individual’s right to lodge a complaint with the Information Commissioner

  • whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract. The individual must be informed about any obligation to provide personal data and of the consequences of a failure to do so

  • the existence of automated decision-making or profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of that processing for the individual

If you have any queries about website privacy policies or other data protection or e-commerce issues, please contact our Stephen Thompson on or 07970 160166.




Contact Our Team
Fflur Jones
Managing Partner
View Profile
Owen John
View Profile
Rachel Ford-Evans
Senior Associate
View Profile
Rhodri Evans
Senior Associate
View Profile
Siobhan Williams
Senior Associate
View Profile
Stephen Thompson
View Profile

I have worked with Darwin Gray for a number of years and the level of service, professionalism and timely response is second to none. I would highly recommend Darwin Gray to any business.”

Becs Beslee
Dice FM Ltd

Darwin Gray have provided us with a first-class service for many years now. They really take the time to understand our business and develop relationships which results in advice and support that is contextualised and effective.”

Rebecca Cooper
ACT Training

We have worked with Darwin Gray for several years and have always found their services and advice to be first class.”

Karen Gale
Stepping Stones Group

An extremely professional and sincere company who make time for your queries and understand the need to break down certain facts and information to ensure everything is understood perfectly. I would highly recommend the company to anyone looking for any type of legal advice”

Gwawr Booth
Portal Training Ltd

PSS has worked with Darwin Gray for many years. We have always received an excellent service. Prompt and professional advice and support.”

Ledia Shabani
Property Support Services UK Ltd

We have used several departments within DG recently and we have been very pleased with an effective, efficient and down to earth service. Very happy thus far and I expect that we will continue to use DG.”

Guto Bebb
Farmers’ Union of Wales

Darwin Gray offer us truly superb services. Very professional, quick and services available bilingually which is very important to us, highly recommend.”

Iwan Hywel
Mentrau Iaith Cymru

My “go to” in urgent and time sensitive cases for direction, support and advice. The team are quick to respond to calls or emails for advice and support on all matters. Always explain complex matters in a way a lay person can easily understand.”

Margot Adams
Guarding UK Ltd