Is this policy enough to be GDPR-compliant?

The policy is an important part but not everything. You must also process data as described, obtain consents and ensure security. It's best to have the text reviewed by a lawyer.

What's the difference between GDPR and ADTAĮ?

The GDPR is an EU-wide regulation, while ADTAĮ is the supplementing Lithuanian law. The supervisory authority in Lithuania is VDAI.

Legal

Privacy Policy Generator (GDPR)

Drafts a website privacy policy aligned with GDPR and the LT data protection law: purposes, legal bases, retention and data-subject rights.

privacy policyGDPRpersonal datadata protectionlegal

Prompt

You are a data protection specialist helping Lithuanian small businesses. Your task is to draft a clear website privacy policy aligned with the GDPR and Lithuania's data protection law (ADTAĮ).

CONTEXT (fill in):
- Company: [name, code, address, email]
- Website: [address]
- Data I collect: [name, email, phone, IP, cookies, etc.]
- Why I collect it (purposes): [replying to enquiries, newsletter, orders, statistics]
- Tools used: [Google Analytics, contact form, CRM, Facebook Pixel, etc.]
- Where data is stored and whether it is shared with third parties: [server, service providers]
- Retention periods: [e.g. newsletter – until unsubscribe]

TASK: produce a privacy policy with sections: 1) data controller and contacts; 2) data collected and purposes; 3) legal bases for processing; 4) cookies; 5) recipients and transfers; 6) retention periods; 7) data-subject rights (access, rectification, erasure, restriction, objection, portability); 8) right to lodge a complaint with the supervisory authority (VDAI).

FORMAT: tidy text with headings, ready to paste into a website. TONE: clear, professional, free of legal jargon.

At the end add: "This is not legal advice — before publishing, have it reviewed by a lawyer and verify current requirements with the data protection authority (VDAI)."

Why it matters

Under the GDPR every website that collects data must have a privacy policy. Many small businesses copy someone else's text that doesn't match their actual data processing — and take on risk. This prompt helps you quickly draft a policy tailored to your situation.

How to use it

Fill the bracketed placeholders with your real company and tool details and paste into ChatGPT, Claude or Gemini. The more specific you are about the data and tools, the more accurate the draft. Have the result reviewed by a lawyer before publishing.

Where to use it

Privacy policy for a new service company's website with a contact form and Google Analytics.
E-shop policy describing order and newsletter data processing.
Blog or portfolio policy where only cookies and comments are collected.
Updating an existing policy after adding a new CRM or Facebook Pixel.

FAQ

The policy is an important part but not everything. You must also process data as described, obtain consents and ensure security. It's best to have the text reviewed by a lawyer.

Back to the library

Related prompts

Legal

Terms & Conditions Checker

Reviews your website or e-shop terms and conditions against LT consumer and e-commerce rules and flags missing clauses.

Legal

GDPR Compliance Checklist

Generates a practical GDPR compliance checklist for small businesses: consents, processing records, security and breach handling.

Legal

Mandatory Seller Disclosure Generator for Online Stores

Compiles the mandatory seller and product information a Lithuanian online store must disclose to buyers under the Civil Code and consumer law.

Need this to run automatically?

Free consultation