GDPR: Template privacy notice and statements

On this page you will find various template documents to help you prepare for GDPR together with links to notes and guidance to help you use them.

Data protection and retention policy

This policy is an internal document that sets out your organisation's approach to using data. It is a set of rules and principles for the people running your group, or working with it, about how to treat data.  

Privacy notice and privacy statements

Privacy notice (sometimes called a 'privacy policy') – this is a bit like an external version of your Data Protection policy. It should be available to all individuals you are involved with and should set out how their data will be used by your organisation. Ideally it would be on your website and available as a PDF/printer-friendly version too.

Privacy statements – these contain information that should be available to individuals at the point at which you are collecting their data. You will probably need multiple privacy statements for different people/situations (e.g. one for members, one for volunteers, one for people signing up to a marketing mailing list). They should have clear and simple information about why you are collecting data and how you will use it.  They normally also point to more detailed information available in your privacy notice.

We hope you find this Making Music resource useful. If you have any comments or suggestions about the guidance please contact us. Whilst every effort is made to ensure that the content of this guidance is accurate and up to date, Making Music do not warrant, nor accept any liability or responsibility for the completeness or accuracy of the content, or for any loss which may arise from reliance on the information contained in it.