UK freelancers are legally required to have a privacy policy, a cookie notice, and clear business identity information on their website – and depending on what you sell, you may also need terms and conditions, a complaints procedure, and an accessibility statement. Getting this wrong does not just risk fines of up to £17.5 million from the ICO – it can make your contracts unenforceable.

If you have been putting off the boring legal bits of your freelance website, you are not alone. But the law does not care whether you are a one-person operation or a FTSE 100 company. The same data protection rules apply. The good news is that getting compliant is more straightforward than you think – and once it is done, you can stop worrying about it.

Here is exactly what UK law requires, page by page.

Privacy Policy – Non-Negotiable Under UK GDPR

If your website collects any personal data at all – and it almost certainly does – you are legally required to publish a privacy policy. This is not optional guidance. It is a direct obligation under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Personal data includes anything that can identify a person: names, email addresses, IP addresses, even cookie identifiers. If you have a contact form, a newsletter signup, analytics tracking, or an online booking system, you are processing personal data.

What Your Privacy Policy Must Include

The ICO sets out specific requirements for what your privacy notice must contain. At minimum, it needs to cover:

  • Your identity and contact details – your name (or business name) and how people can reach you
  • What personal data you collect – be specific, not vague
  • Why you collect it – your lawful basis for processing under UK GDPR (consent, legitimate interest, contractual necessity, etc.)
  • How long you keep it – your data retention periods
  • Who you share it with – any third parties, payment processors, email marketing platforms
  • International transfers – if data goes outside the UK (and it probably does if you use US-based tools like Mailchimp or Google Analytics)
  • People’s rights – the right to access, rectify, erase, restrict, and port their data, plus the right to object and the right to complain to the ICO
  • Whether you use automated decision-making – including profiling

The ICO is clear that your privacy notice must be written in plain, accessible language – not legalese. People need to understand it before they hand over their data.

If you are not sure where to start, K&K Legal Consulting offers ready-made privacy policy templates specifically designed for UK freelancers and sole traders – drafted by qualified legal professionals and far cheaper than hiring a solicitor from scratch.

ICO Registration – Yes, Freelancers Too

Here is one that catches many sole traders off guard: if you process personal data electronically – which includes having a website with a contact form – you almost certainly need to pay the ICO’s annual data protection fee. For sole traders and micro-businesses, this is currently £40 per year (or £35 by direct debit). Failure to pay can result in a fine of up to £4,350.

You can check whether you need to register using the ICO’s self-assessment tool.

Cookie Notice – Required Under PECR

Separate from your privacy policy, UK law requires a cookie notice under the Privacy and Electronic Communications Regulations 2003 (PECR). If your website sets cookies – and virtually every website does – you must:

  1. Tell visitors what cookies you use and what they do
  2. Get consent before setting non-essential cookies – this means a proper cookie banner with genuine opt-in, not a “by continuing to browse you accept cookies” statement
  3. Give visitors an easy way to manage their preferences – including declining non-essential cookies

The DUAA Changes – What Has Shifted

The Data Use and Access Act 2025 (DUAA), which came into force in stages from mid-2025, has changed the cookie landscape slightly. You can now set strictly necessary cookies and certain analytics cookies without consent, provided:

  • The analytics are purely for aggregate statistical purposes (improving your website)
  • You are not tracking, identifying, or profiling individuals
  • You are not using the data for advertising
  • You provide clear information about the analytics and offer an opt-out mechanism
  • Any third-party analytics provider acts only on your behalf, not for their own purposes

This means if you are using a privacy-respecting analytics tool purely to understand page views and bounce rates, you may no longer need consent for that specific cookie. But be careful – the ICO’s draft guidance makes clear this is a narrow exception. Standard Google Analytics setups that share data with Google for advertising purposes would not qualify.

Cookie consent violations now carry potential fines aligned with UK GDPR penalties – up to £17.5 million or 4% of annual turnover.

Terms and Conditions – Required if You Sell Online

While terms and conditions are technically optional for a purely informational website, they become a legal requirement the moment you sell goods or services through your site. This includes selling digital products, taking bookings, or offering paid consultations.

Under the Electronic Commerce (EC Directive) Regulations 2002 and the Consumer Rights Act 2015, your terms must include:

  • Your full business details – name, geographic address, and email
  • Clear pricing – including VAT, delivery costs, and any additional charges
  • How the ordering process works – the technical steps to place an order
  • Payment terms and methods accepted
  • Delivery information – timeframes and any limitations
  • Cancellation and refund rights – consumers generally have a 14-day cooling-off period for online purchases under the Consumer Contracts Regulations 2013
  • Complaint handling procedure
  • Governing law and jurisdiction

If you do not have compliant terms and conditions, your contracts with consumers may not be enforceable – which is a far bigger risk than any fine.

K&K Legal Consulting’s contract templates cover freelancer service agreements, terms of business, and website T&Cs – all drafted for UK law and updated for current regulations.

Business Identity Information – The Bit Most People Miss

Under the Electronic Commerce Regulations 2002 and the Companies Act 2006 (Part 41), you must make certain business information easily accessible on your website. What you need to display depends on your business structure.

Sole Traders

  • Your name (or the name of the business proprietor)
  • A geographic address where you can be contacted (a PO Box alone is not sufficient)
  • An email address
  • If you trade under a name other than your own surname, you must display your real name and a service address prominently

Limited Companies

  • Registered company name
  • Company registration number
  • Place of registration (e.g., “Registered in England and Wales”)
  • Registered office address
  • If displaying prices, whether they include VAT
  • Your VAT number (if VAT-registered)

Regulated Professions

If your freelance work falls under a regulated profession – such as accounting, legal services, or architecture – you must also state the professional body you are registered with, your professional title, and the applicable rules of conduct.

Accessibility Statement – The Growing Requirement

While the UK does not yet have a standalone law mandating website accessibility statements for all private sector businesses, the Equality Act 2010 requires that services (including websites) are accessible to people with disabilities. The current benchmark is WCAG 2.2 AA compliance.

In practice, publishing an accessibility statement – describing your site’s current compliance level and how users can report issues – is increasingly expected and strongly recommended. Public sector organisations are already required to have one, and the direction of travel is clear.

Additional Pages Worth Considering

Beyond the strict legal requirements, several additional pages can protect you and build trust:

Disclaimer

If you provide any form of advice – whether about tax, health, business, or technology – a disclaimer clarifying the limits of that advice can protect you from liability claims. This is especially important for freelance consultants, coaches, and content creators.

While copyright exists automatically in the UK, a clear copyright statement reinforces your ownership of your content and makes it easier to pursue infringement.

Acceptable Use Policy

If your website has any interactive features – comments, forums, file uploads – an acceptable use policy sets out what behaviour is permitted and gives you grounds to remove content or ban users.

Getting It Done – Practical Steps

Here is a realistic action plan for getting your freelance website legally compliant:

  1. Start with your privacy policy – it is the most critical and the most likely to trigger enforcement action if missing
  2. Add a proper cookie consent mechanism – not a fake banner, a real one with granular controls
  3. Check your business identity information – make sure your name, address, and email are displayed
  4. If you sell online, draft your terms and conditions – or get a template and customise it
  5. Register with the ICO and pay your annual fee
  6. Review your accessibility – even a basic statement shows good faith
  7. Set a calendar reminder to review everything annually – the law does change

You do not need to hire a solicitor for most of this. K&K Legal Consulting offers affordable template bundles specifically for UK freelancers, covering privacy policies, terms and conditions, GDPR compliance documents, and more – all drafted by legal professionals and ready to customise.

Do Not Wait for a Complaint

The ICO’s approach to small businesses is generally proportionate – they would rather educate than punish. But that goodwill depends on you making a genuine effort to comply. Having nothing in place is not an oversight they will overlook.

Your website is your shopfront. Just as a physical premises needs fire safety signage and trading standards compliance, your digital presence has legal requirements. Tick them off, and you can focus on what you actually do best – the work itself.