Case Studies

Privacy Policies and Data Protection

Case Study 1


Client: Education provider, online

Problem solved: GDPR compliance

Privacy obligations are a big area, seldom understood or discussed in small business. Lots of business owners simply copy and paste a policy from someone else, without understanding whether it applies in their country, or how to comply with it after telling their customers they do.

From May 2018, every business collecting names and email addresses from leads or customers resident in the EU suddenly had to meet General Data Protection Regulation (GDPR) requirements in how they collected, stored and used personal information.


We assisted quite a number of clients in pulling together compliant privacy policies, cookie policies and processes to manage personal information. For one client, who provides online access to education programs, we helped develop a compliant policy and understand the procedures they needed in place to meet it, as well as how to identify and manage their cookies and put in place an appropriate cookie policy.

For other clients, we helped review their business so they could make an informed strategic decision not to sell into the EU and to geo-block access to their online services to limit their risk of collecting personal information from EU residents.  

Find out more about our Privacy Policy creation service.


Case Study 2


Client: Lead generation

Problem solved: Privacy and data protection

Most small business owners understand they have to have a privacy policy to advertise with Google or Facebook, but don’t really look at what it says. You might collect information from people without even realising what privacy laws you are obliged to meet. Anyone providing services related to health, including fitness and wellness services, must comply with privacy law, regardless of the size of their business. The same applies to businesses that collect and sell leads.



We work with some really smart online marketers who have websites specifically designed to attract leads for certain types of businesses. Once they have collected a lead, they sell the lead to a service provider who is able to deliver the service. From a privacy perspective, we had to work with our client to separate out their obligations to customers depending on whether they sold the lead straight away, kept the lead to ‘warm’ them up for more services, or used the lead themselves to deliver a service – all of which had slightly different processes and obligations. We crafted a privacy policy, and helped them put together procedures to cover the collection, use and destruction of all the personal information they were collecting.


Need help?

Onyx Legal is focused on helping you do business in our online world.

With Onyx, you’ll receive easy-to-understand documents and clear advice that helps you to achieve a real commercial result – more profit, reduced risk, and compliance. We don’t have a ‘billing culture’ and we don’t inflate our services. We simply offer practical legal guidance and essential documents at an affordable price.