GDPR Privacy Notice Template
Compliant privacy notice template covering all mandatory Articles 13-14 disclosures for data collected directly from individuals and from third-party sources.
Quick Answer
A GDPR-compliant privacy notice must cover 13 mandatory disclosure elements including controller identity, processing purposes, legal bases, retention periods, data subject rights, and the right to complain to a supervisory authority.
Penalty if not compliant
Up to €20 million or 4% of global annual turnover; enforcement notices requiring updated notices to be issued to all affected individuals.
Frequently Asked Questions
What is the difference between a privacy notice and a privacy policy?
A privacy notice is addressed to individuals whose data you collect — it is a legally required disclosure document. A privacy policy is typically an internal document describing how the organisation manages data. In practice, many organisations use the terms interchangeably for the public-facing document.
When must a privacy notice be provided?
For data collected directly: at the time of collection. For data obtained indirectly (from third parties or public sources): within a reasonable period, but no later than 1 month, or at first contact with the individual.
Does a privacy notice need to be a separate document?
No. The GDPR requires the information to be provided; the format is flexible. It can be layered (summary + full), embedded in an app, provided verbally (with a record kept), or made available via a QR code — as long as it is easily accessible and in plain language.
Need this turned into a real document?
Our compliance sprint service delivers production-ready documents tailored to your organisation in 5–15 business days. A senior compliance specialist reviews every document before delivery.