Data Protection (GDPR)

How data protection law affects copywriting, from handling client data to writing privacy notices.
4 min read | Reviewed January 2026 | Annual review
This UK-focused information is not legal advice.

Key points

  • GDPR affects how you handle client data and what you write about data collection
  • Privacy notices must be clear, concise and written in plain language
  • Marketing copy that collects or uses personal data is subject to specific requirements on being clear about data use
  • Be careful with AI tools and client data

What the Code says

The ProCopywriters Code of Practice addresses data protection directly: “Handle personal data in accordance with data protection regulations” and “Ensure clear, transparent privacy communications.”

As a copywriter, data protection affects you in two ways: how you handle data in your own business, and what you write for clients about their data practices.

GDPR basics

The UK GDPR (retained from EU law) and Data Protection Act 2018 govern how personal data must be handled. The key principles are:

  • Lawfulness, fairness and transparency — be clear about what you’re doing with data
  • Purpose limitation — only use data for specified purposes
  • Data minimisation — don’t collect more than you need
  • Accuracy — keep data correct and up to date
  • Storage limitation — don’t keep data longer than necessary
  • Security — protect data appropriately

These principles should guide both your own practices and the copy you write about data handling.

Handling client data

As a copywriter, you’ll often receive personal data from clients: customer research, contact lists for email campaigns, case study subjects. Handle it carefully:

Storage and security

  • Store client data securely (encrypted, password-protected)
  • Don’t keep data longer than needed for the project
  • Delete or return data when the project ends
  • Use secure methods to transfer sensitive data

AI tools and data

  • Don’t input personal data into AI tools unless you’re certain about their data practices
  • Check your client’s policy on using AI with their data
  • Anonymise data before using it for AI-assisted analysis
  • If in doubt, assume personal data must not be shared

AI and confidential data

Many AI tools process data on external servers and may use inputs for training. Never paste personal data, confidential client information, or trade secrets into AI tools without understanding how the tool handles data.

Writing privacy notices

Privacy notices must be “concise, transparent, intelligible and easily accessible, using clear and plain language.” This is a legal requirement, not just best practice.

What a privacy notice must include:

  • Who you are (identity and contact details)
  • What data you collect and why
  • The legal basis for processing
  • Who you share data with
  • How long you keep data
  • People’s rights (access, deletion, etc.)
  • How to complain to the ICO

Writing tips:

  • Use short sentences and paragraphs
  • Avoid jargon — “we” and “you” not “the data controller” and “data subjects”
  • Use headings and bullet points for scannability
  • Be specific — “marketing emails” not “legitimate interests”

Marketing copy and consent

When writing marketing copy that involves collecting personal data, ensure:

Sign-up forms

  • Consent language is clear and specific
  • Pre-ticked boxes are never used for marketing consent
  • It’s obvious what people are signing up for
  • Opt-in is separate from other terms acceptance

Email marketing

  • Unsubscribe must be easy and obvious
  • Sender identity must be clear
  • Subject lines shouldn’t be deceptive

Cookies and tracking

  • Cookie consent must be informed and active
  • Essential cookies can be distinguished from optional ones
  • People must be able to decline non-essential cookies easily

Soft opt-in

There’s an exception for existing customers: if someone has previously bought from you, you can email them about similar products without fresh consent. But you still need clear unsubscribe options.

Summary

Data protection is about respecting people’s privacy and being transparent about how their information is used. Good data protection copy builds trust.

When writing privacy notices or consent language, remember that most people won’t read every word. Your job is to make the key information as clear and accessible as possible.