Free GDPR privacy policy templates

Make sure your business complies with European privacy law if it has a presence in the EU.



If your company operates in the European Union (EU) in some way, you need to make sure its privacy policy complies with the General Data Protection Regulation (GDPR). Failing to comply can result in hefty fines. This guide defines the GDPR and what you need to know to compose a compliant privacy policy.

What is a GDPR privacy policy?

The GDPR is a data protection law that came into effect in 2018 and replaced the Data Protection Act of 1998. GDPR is designed to give EU citizens more control over how their personal information is collected and used by organisations. The law requires organisations to outline what information they collect, why, and what they do with it in a clearly defined privacy policy.

The fine for violating the law can be up to 4% of your company's global revenue or €20 million, whichever is higher.


When should I use a GDPR privacy policy?

According to the Office of the Australian Information Commissioner, an Australian company must have a GDPR policy if it:

  • has an office or other presence in the EU,
  • sells products or services in the jurisdiction,
  • collects and tracks online users in the EU to analyse and predict their personal preferences and behaviours.

You should clearly display your company's GDPR policy on your website. It is recommended that you use a popup or checkbox to confirm that users consent to the way you will use their personal data.

GDPR privacy policy vs standard privacy policy

The GDPR requirements go further than previous European policies and Australian privacy law. The GDPR expands the definition of "personal data" beyond personal details to include location data, online identification, genetic information, and so on.

GDPR requires that users be able to opt in to provide consent for the collection of their data. Organisations are directly responsible for their compliance with the legislation and they are required to report data breaches within 72 hours.

What does a GDPR privacy policy include and not include?

A GDPR privacy policy includes specific details of how a company collects, uses and stores user data, customers' rights and how the company will comply with the legislation.

What is included in a GDPR privacy policy?

A GDPR privacy policy must include the identity and contact details of the organisation and its data protection officer. It should include clauses that explain how and why the company will:

  • Collect personal data from consumers
  • Use the personal data it collects
  • Disclose personal data to third parties safely
  • Store personal data and keep it secure
  • Host data and transfer it internationally
  • Make use of cookies on its website
  • Protect customers' rights under GDPR

The policy should also include how long the organisation will retain the data and how it will decide the time period; that users have the right to withdraw consent or lodge a complaint; whether users are required to provide personal data and the consequences if they do not provide the information.

What is not included in a GDPR privacy policy?

A GDPR policy must be tailored specifically to the audience, so you should not use the same notice for different situations. You may need to adjust the content and translate the language of your privacy policy for different customer groups or versions of your website.

GDPR policy notices should avoid unnecessary legal jargon and technical terminology that will be difficult for readers to understand easily.

How effective is a GDPR privacy policy?

A clear GDPR privacy policy document is important for making sure that your business complies with the EU legislation. It can provide an effective defence in the event there is a legal challenge against the way customer data is used.

Do I need a lawyer for GDPR privacy policy?

You do not need a lawyer to write a GDPR-compliant policy. However, consulting a data protection lawyer who has specific knowledge of the European legislation can help ensure your company's policy meets the requirements.

| Name | What's offered? | Starting price to become a member | Annual fee from | Any free legal documents? | Details |
|---|---|---|---|---|---|
| | Legal documents and templates, Access to lawyers, Legal guides, Legal advice | $79 per month (billed monthly) | Essentials: $288 | You can view samples for free and you can create your first document for free. | Choose an annual plan from just $288 and get unlimited revisions to your legal or business documents. Plus, unlock exclusive partner offers. |
| | Legal documents and templates, Access to lawyers, Legal guides, Legal advice | $7.99 per month (prepaid for one year) | | You can view samples for free and you can create your first document for free. | Get free legal documents in five to ten minutes. |
| | Legal documents and templates, Access to lawyers, Legal guides, Legal advice | $699 (or choose a free template) | | Some documents are free to download. Get access to all documents with a membership. | Pick between a fixed-fee package from $99 and a 12-month plan that unlocks a host of membership benefits for $699. |
| | Legal documents and templates, Access to lawyers, Legal guides, Legal advice | Varies per template | | | Get legal templates for any business type in Australia. |
| | Legal documents and templates, Access to lawyers, Legal guides, Legal advice | $199 per month (billed monthly) | | Some documents are free to download. Get access to all documents with a membership. | Your business can take advantage of unlimited lawyer consultations, fast turnaround times and free legal templates with LegalVision. |
| Law Central | Legal documents and templates, Legal guides, Legal advice | Free for the Silver membership | Gold: $99 | You can view samples and create your own document for free with the Silver membership. | |


How do I write a GDPR privacy policy?

GDPR requires that you write your company's privacy policy in clear language so that users are well informed of how their data will be used. The wording should be "in a concise, transparent, intelligible, and easily accessible form".

Policy notices should avoid vague qualifiers such as "might," "some," or "often," which create ambiguity and provide loopholes. Sentences should be well structured and written in the active voice, and bullet points should be used to highlight specific areas.

The European Commission provides guidelines on how to write a compliant policy, with examples of good and bad practice. Some law firms provide GDPR privacy policy templates you can use to help get started.

  • Lawpath. Lawpath is an online legal resource for small businesses and entrepreneurs. It offers a range of free samples of legal documents on its website, but users must sign up to download and customise them.
  • Wonder.Legal. Wonder.Legal hosts more than 140 document templates, all of which you can purchase for a one-time fee. It offers a GDPR-compliant privacy policy that operates under UK law rather than Australian law on its UK site.
  • Legal123. Legal123 is an online law firm that offers document templates, legal packages, and free legal guides for small businesses. It provides specific GDPR clauses that companies can append to their existing privacy policy documents for a fee of $59+ tax.
  • Found Legal. Found Legal provides legal services, templates, and other resources for small businesses, including a privacy policy template that covers GDPR compliance for a fee of $165.
