Dashboard
Dashboard Make a document Ask a lawyer Get guidance Home
Account
Profile information Account settings
Logout
Help
Help Contact us
Explore
Make documents Ask a lawyer Get guidance About us
Account
Sign up Log in
Help
Help Contact us
Make documents
Easily make legal documents
See all documents
Popular business documents
Popular employment documents
Popular property documents
Popular family documents
Terms and conditions Privacy policy Non disclosure agreement Shareholders' agreement
Employment contract Health and safety policy Settlement agreement Consultancy agreement
Tenancy agreement Lodger agreement Eviction notice Declaration of trust
Affidavit Prenuptial agreement Last will and testament Power of attorney
Ask a lawyer
Get quick legal advice from a lawyer
Ask your question
Popular legal topics
Bespoke legal drafting Start a business Startup legal help Run an online business
Hire employees Manage employees Discipline employees Dismiss employees
Rent residential property Rent commercial property Manage rented property Tenant eviction service
Get divorced Apply for probate IR35 status determination advice Settlement agreement advice
Get guidance
Get reliable legal guidance
Read legal guides
Popular business guides
Popular employment guides
Popular property guides
Popular family guides
Make terms and conditions Run a private limited company Types of shares Ending a contract
Overpayment of wages Notice periods Summary dismissal Implied employment terms
Declaration of trusts Legal interests in property Section 21 notices Security of tenure
Affidavits Executing a will Changing your name Getting married
About us
Learn more about Rocket Lawyer
Contact us
Get more information
Pricing
Help
About us
Careers
  1. /gb/en
  2. Legal guides
  3. Data privacy and cookies

Data privacy and cookies

Data protection and privacy laws are particularly important for online businesses which handle personal electronic data or use cookies.

Make your Data protection policy
Get started
Answer a few questions. We'll take care of the rest

The Data Protection Act 2018 (DPA) is designed to regulate the use of personal data by businesses and other organisations. The DPA is the main legislation implementing the General Data Protection Regulations (GDPR) in the UK.

Anyone processing personal data must ensure that it is:

  • used fairly, lawfully and in a transparent manner;

  • collected for specified, explicit and legitimate purposes;

  • adequate, relevant and its collection limited to what is necessary;

  • accurate and kept up to date;

  • kept in a form that enables identification of data subjects for no longer than is necessary;

  • handled according to the data protection rights of individuals;

  • kept secure and not transferred outside the European Economic Area (EEA) without adequate protection.  

From 25 May 2018, organisations that determine the purpose for which personal data is processed (i.e. data controllers) must pay the Information Commissioner's Office (ICO) a data protection fee unless they are exempt. To find out more about the data protection fee, see the guidance on the ICO's website.

Cookies are files stored on a computer’s browser by websites which can be used for various purposes, often related to marketing or advertising.

GDPR

If you use cookies to uniquely identify a device or the person using that device, it is considered personal data under the GDPR. This means that cookies used for analytics, advertising and functional services come within the ambit of the GDPR. To be compliant, you'll need to stop collecting cookies that uniquely identify individuals or find a lawful ground to collect and process that data, for example, consent.

Such consent must be:

  • given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a website doesn’t count as consent.

  • given freely and genuinely

It must be as easy to withdraw consent as it is to give it. This means that if you want to tell people to block cookies if they don’t give their consent, you must make them accept cookies first. You must also give people the option to change their mind, i.e. by providing an opt-out option. This is especially important if you wish to implement the 'soft opt-in' option.

Privacy and Electronic Communications Regulations

The Privacy and Electronic Communications Regulations (PECR) set out certain online marketing obligations and govern the use of cookies (also known as the Cookie Law).

Under the PECR, websites cannot use 'non essential' cookies unless the consent of the user is expressly given - in other words, users must first opt-in before such cookies can be deployed.

Non-essential cookies are those which are used for analytical purposes or to assist with advertising. Even cookies which customise a website (such as providing a greeting message) are deemed to be non essential.

Essential cookies are generally those which enable an online checkout process to work properly - or if required for technical or security purposes.

Failure to comply with the Cookie Law can lead to fines of up to £500,000. There are also smaller penalties, such as being sent an information notice or an enforcement notice.

A website privacy policy helps to reassure visitors that their personal data is protected and can assist in compliance with the GDPR and the Cookie Law.

Make your Data protection policy
Get started
Answer a few questions. We'll take care of the rest

Follow us

We use cookies to provide the best experience