Your website may not be compliant.
This pack fixes that
Three ready-to-use documents that address the compliance gaps affecting most small business websites in the UK right now — updated for AI tools and the new GDPR rules coming into force in 2026.
THE PROBLEM
Three things most small
business websites get wrong
You run a small business. You have a website — probably with a contact form, a cookie banner, and at least one embedded tool such as Tidio, Calendly, Mailchimp, or Google Analytics.
You may have updated your privacy notice once, years ago. It does not specifically mention any AI tools. Your cookie banner was set up by whoever built your website and has never been reviewed since. You have no formal complaints procedure.
If that description fits, the regulators are not on your side. But this pack is.
WHAT YOU GET — THREE DOCUMENTS
Privacy Notice — updated for AI tools and the Data (Use and Access) Act 2025
The ICO has confirmed that a generic 'we use third-party providers' clause is no longer sufficient. Every AI tool on your website must be named. This template does that — covering chatbots, analytics, booking tools, marketing platforms, and email sign-up tools — with DPA status, international transfer acknowledgement, and a ready-to-use chatbot transparency notice.
Cookie Compliance Checklist — built for the new PECR fine level
The maximum fine for cookie consent breaches is now £17.5 million. Most small business banners were built before this change. This checklist works through every PECR requirement — banner design, consent recording, analytics loading, and Cookie Management Platform setup — with a plain-English testing method that does not require a developer.
Complaints Procedure — ready for the June 2026 deadline
From 19 June 2026, every business must have a documented complaints procedure under the Data (Use and Access) Act 2025. This template is complete, publishable, and takes under an hour to deploy. Fill in the placeholders. Publish it. Done.
The Data (Use and Access) Act 2025 requires a documented complaints procedure in place by June 2026. This pack includes the template.
REGULATORY CONTEXT
The deadlines are real.
None of them are optional.
The compliance obligations this pack addresses are not coming — they are here. The June 2026 complaints procedure deadline is the only one with a future date. Everything else is already in force.
Who is it for?
This pack is for any small business with a website that collects personal data — a contact form, an email sign-up, a booking tool, a chatbot, or analytics. That is most small business websites. You do not need a compliance background to complete the documents. The Companion Guide walks you through every step.
What’s Included.
Privacy Notice template — updated for AI tools, UK GDPR, and the Data (Use and Access) Act 2025
Cookie Compliance Checklist — four sections covering banner, consent, platform, and records
Data Complaints Procedure template — ready to publish before 19 June 2026
Quick Reference Dashboard — your compliance status at a glance, printable and reviewable quarterly
Companion Guide — plain-English walkthrough for completing and deploying every document, including how to test your cookie banner and how to find your DPA agreements