Here's a practical breakdown of UK GDPR as it applies specifically to retirementhousing.uk.
What it is
UK GDPR is the UK's post-Brexit version of EU GDPR, now also updated by the Data (Use and Access) Act 2025, which came into force in February 2026. If you are a UK-based organization, UK GDPR applies to your collection and use of individuals' personal data. The ICO (Information Commissioner's Office) is the regulator. (Didomi)
What applies to your website specifically
1. Cookies and tracking
You must obtain informed, freely given, specific consent before placing any non-essential cookie or similar tracking technology on a visitor's device. Essential cookies — those strictly necessary for a service the user has explicitly requested, such as a session cookie that keeps a shopping basket alive — are exempt. Marketing cookies, analytics trackers like _ga or _fbp, and advertising pixels are not exempt and require prior consent. (Kukie)
In practice this means a proper cookie banner where analytics/marketing are opt-in, not pre-ticked.
2. Lawful basis for processing
You must identify and document a valid basis before you begin processing — not after the fact. The main bases are: consent, contract, legal obligation, vital interests, public task and legitimate interests. For most website owners, the three that matter most are consent (particularly for marketing cookies and email lists), contract (processing an order or delivering a service), and legitimate interests. The DUAA 2025 also added a seventh basis — "recognized legitimate interests" — for things like fraud detection. (Kukie)
For retirementhousing.uk the likely bases are:
Consent — newsletter signups, guide alert emails, marketing cookies
Contract — processing enquiries or developer listings
Legitimate interests — basic site analytics, fraud prevention
3. Privacy notice (privacy policy)
Your site must have a clear privacy policy explaining what data you collect, why, how long you keep it, and who you share it with. This is non-negotiable. For your site, data collected includes enquiry form submissions, email signups, property search behavior, and developer account data.
4. Data subject rights
Users have rights over their personal data: access, correction, deletion, portability, objection and restriction. You need a way for people to submit these requests (a contact email is fine for a small site). (Clym)
5. Security
Organizations must maintain records, support data subject rights, ensure valid consent where required, and implement robust security and accountability measures. (User centric)
For your site practically: HTTPS, secure form handling, not storing enquiry data in plain-text spreadsheets, and access controls on your developer dashboard.
6. Breach reporting
Notify the ICO within 72 hours of a high-risk breach, and notify individuals if risks are serious. (Clym)
7. Fines
Up to £17.5m or 4% of global turnover for severe breaches, and up to £8.7m or 2% of global turnover for lesser breaches. (Clym)
Your practical checklist for retirementhousing.uk
Requirement | What to do
Cookie consent | Add a cookie banner (e.g. Cookiebot, CookieYes) — analytics/marketing opt-in only
Privacy policy | Write one covering enquiry forms, email signups, developer accounts, analytics
Cookie policy | Separate page listing every cookie, its purpose and duration
Terms of use | For developer listings and user accounts
Email signups | Explicit opt-in checkbox — no pre-ticked boxes
Enquiry forms | State clearly how data is used
ICO registration | Register with ICO (fee is £40–£60/yr for small organizations)
Data deletion requests | Provide a contact route for users to request deletion
HTTPS | Must be enabled across the whole site
One thing specific to your audience
Your users are predominantly over-55s and their families, and you may collect health-adjacent data if users filter by care level or disability needs. Special category data, including health and biometric data, requires explicit consent or another legal ground. Be careful how you store care-need preferences from search filters — treat these with extra caution. (Clym)
The ICO's own guidance at ico.org.uk is free and practical — worth bookmarking as your primary reference.