What documents does the GDPR Kit generate?

The GDPR Kit generates four documents: a Privacy Policy covering UK GDPR requirements including data categories, legal bases, retention periods and user rights; a Cookie Policy listing every cookie detected with name, provider, purpose and retention; a Cookie Consent Banner in ready-to-paste HTML and CSS; and a Record of Processing Activities (RoPA) as required by Article 30 of UK GDPR.

Do I need a lawyer to review the generated documents?

The generated documents follow current UK GDPR requirements and ICO guidance. For most small and medium businesses, they provide a solid compliance foundation without legal review. However, if your business handles sensitive data categories (health, financial, children's data), processes data at scale, or operates in regulated industries, legal review is advisable.

How do I deploy the consent banner?

The consent banner is provided as self-contained HTML and JavaScript. Paste it as the first element inside your body tag — before any other scripts. It will appear on every page load for new visitors and store consent in a cookie. Connect your analytics and marketing tags to fire only after the user accepts. The banner code includes instructions for connecting to Google Tag Manager.

How to Generate Your GDPR Compliance Documents Now

How the GDPR Kit works

The GDPR Kit scans your website URL and detects all cookies and third-party trackers present. It categorises them as essential, functional, analytics or marketing. It then generates all four compliance documents pre-populated with the actual trackers found on your site — not a generic template.

Why this matters: Generic privacy policy templates list every possible tracker whether you use it or not. The GDPR Kit only documents what is actually on your site — making your policy more accurate and credible.

Deploying your GDPR Kit documents

Step 1 — Privacy Policy and Cookie Policy

Create two new pages on your website: /privacy-policy and /cookies. Paste the generated content into each page. Add links to both pages in your site footer — they must be accessible from every page.

Step 2 — Consent Banner

Paste the consent banner HTML as the first element inside your body tag. Test it on a fresh browser session — you should see the banner before any analytics fires. Check in your browser developer tools (Network tab) that GA4 or your analytics platform does not appear until after you click Accept.

Step 3 — Connect your tag manager

If you use Google Tag Manager, create a Custom Event trigger listening for the consent_accepted event fired by the banner. Move all non-essential tags (analytics, advertising, heatmaps) to fire only on this trigger.

Step 4 — Data Processing Record

Keep the generated RoPA in your internal documentation. You do not publish this — it is an internal record required under Article 30 that you must produce on request from the ICO.

🔒 Generate GDPR Kit Now

Run the GDPR Kit and get actionable results in minutes. Pay as you go.

Generate GDPR Kit →

GDPR Kit: Automated Privacy and Cookie Document Generation

How the GDPR Kit works

Deploying your GDPR Kit documents

Step 1 — Privacy Policy and Cookie Policy

Step 2 — Consent Banner

Step 3 — Connect your tag manager

Step 4 — Data Processing Record

🔒 Generate GDPR Kit Now

Related tools