How to explain GDPR in plain English

Under the new data protection regulation (GDPR), all companies or organisations which use customers' personal information, must explain how they process this data. GDPR also requires that all information provided is concise, transparent, intelligible and easily accessible. Using plain English can help customers to understand quickly and easily. Our tips and examples can help . . .

Five tips and examples

Customers are starting to hear about General Data Protection Regulation (GDPR), the new EU privacy regulations, but many are not sure what it means for them. GDPR states that all companies or organisations which use customers’ personal information must explain how they process this data.

GDPR also requires that all information provided uses ‘clear and plain language’ and is ‘concise, transparent, intelligible and easily accessible’. Using plain English can also help customers to understand quickly and easily.

Five tips

  1. Avoid legal jargon and explain all terms clearly.
  2. Create short sections with clear headings.
  3. Use numbering and bullet lists where possible.
  4. Keep sentences and paragraphs short.
  5. Provide concrete examples where possible.


Take a look at examples of how to apply these tips when explaining GDPR:

The General Data Protection Regulation (GDPR) is a new EU regulation which comes into force on 25 May 2018. Its aim is to improve privacy and give greater control to customers and citizens over their personal information and how it is used.

This guide explains how we will handle your personal information (or process your data). It also explains your rights under the new regulations.

  1. What is personal data?

Personal data is information that can identify you. This includes:

  • Biographical information (e.g. your name, address, date of birth, PPS number, passport number, gender, family members and nationality)
  • Contact details when you write to us (e.g. postal address, email address and phone number)
  • Information we collect when you contact us online (e.g. email address, password, location and IP address)
  • Payment information (e.g. credit card and bank account details)
  • Photos of you, your home, etc.
  1. What does ‘processing your personal data’ mean?

It means collecting, storing, using, sharing and deleting your information.

  1. Will you ask me for my personal data?

Yes. We will ask you to agree or ‘consent’ to providing your personal data to us.

If you tick a box on our website to receive a newsletter (and give us your email address), we will then email you with a link to click, to confirm you consent to sharing your personal data with us.

  1. Do I have to give you my personal data?

No. You do not have to consent to giving us any personal data.

However if you do not consent, you might not be able to buy products or receive information from us (unless you change your mind and decide to ‘opt in’).

  1. Can I ask you to delete my personal data?

Yes. This is sometimes called the ‘right to be forgotten’. We must delete all your personal data if ask us to.

Want more help?

We would be delighted to help you to edit and proofread your GDPR customer information. Or would you prefer a training course in how to write plain English?

Contact us for a quick quote.