GDPR Document Generator — Privacy Policy, RoPA, TOMs, Retention Policy

Step 1 of 6

Company Profile

Tell us about your company so the documents reflect your actual context.

Company name

Sector

Company size

Countries of operation

Main business activity

Please fill in the required fields before continuing.

Step 2 of 6

Personal Data

What personal data does your company process? Select all that apply.

Personal data you process

Customer / client dataPurchases, accounts, service usage

Employee & HR dataPayroll, performance, contracts

Supplier / vendor contactsNames, emails, contract details

Website visitorsAnalytics, cookies, IP addresses

Marketing prospectsNewsletter subscribers, leads

Children's dataUnder 18

Special category data

Yes — health or medical data

Yes — biometric or genetic data

Yes — criminal conviction records

No — none of the above

Primary legal basis

Contract PerformanceProcessing is necessary to fulfil a contract

Legitimate InterestYou have a legitimate business reason

ConsentIndividuals have given explicit consent

Legal ObligationRequired by law (e.g. tax, employment law)

Please select at least one data type, special category data, and a legal basis.

Step 3 of 6

Third Parties

Tell us about any third-party processors and international transfers.

Does your company use third-party processors?

Yes

No

List your key processors

e.g. Google Analytics, Stripe, Mailchimp, AWS, HubSpot — one per line

Do you transfer data outside the EU/EEA?

Yes

No

Which countries?

Step 4 of 6

Security & Governance

Your security measures and governance arrangements help us tailor the TOMs document.

Security measures in place

Encryption at rest

Encryption in transit (HTTPS/TLS)

Regular data backups

Role-based access controls

Security awareness training

Penetration testing / vulnerability scans

Incident response plan

ISO 27001 certification

SOC 2 certification

Do you have a Data Protection Officer?

Yes, appointed

No, but considering

No, not required for our size

Uses cookies or tracking technologies?

Yes — analytics and marketing

Yes — analytics only

No

Step 5 of 6

Retention & Contact

Contact details for the privacy policy and data retention periods.

Company address

Privacy contact email

Customer data retention

Employee data retention

Step 6 of 6

Delivery

We'll send the four documents to your email and display them here.

Email to receive your report *

Your name (optional)

I understand these are AI-generated documents that should be reviewed by a legal professional before publication.

Please enter your email and confirm you understand the documents require legal review.

Four GDPR documents. One intake form.