The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are two sets of regulations that website owners must comply with if they are serious about doing business online. These acts give consumers control over their personal information, who has access to it, and what they can use it for. The foundations of the GDPR can be summarized as:
- Lawful, transparent and fair processing of data
- Limitations on data storage
- Clarity and restrictions on what data is used for
- Limitations on data collection to ensure only data that is required is requested
The CCPA is similar in some respects to the GDPR, however, it takes a broader view of privacy. California consumers have the right to know what data is stored on them, have data deleted upon request, can opt-out of data collection, and must not be discriminated against should they choose to exercise those rights.
Easy Ways to Make Your Site Privacy Compliant
If you are using a popular content management system or online store such as WordPress, Magento or Shopify then it’s likely you are off to a good start on the technical side of things, although you should still check that your web hosting is compliant with the relevant privacy regulations and that your developers are aware of the importance of compliance.
From a legal standpoint, things may be more complicated, especially if you want to have policies available in multiple languages, or you need to make allowances for analytics, social media integration, or other tools as a part of your policies. That’s why it’s a good idea to work with some legal experts to build accurate and current terms and conditions and cookie policies.
Retaining a law firm just to update your website policies would be prohibitively expensive for most companies. Fortunately, tools such as iubenda’s policy and privacy management systems can do the job for you. Iubenda makes it possible to generate T&Cs and cookie policies with a few mouse clicks. The policies are then kept up-to-date for you, so if there are any changes in legislation you won’t have to worry.
It’s still down to you, as the webmaster, to ensure that you handle data in a safe, fair and legal way. You should delete information that is no longer required, and train employees to put privacy first when dealing with customers. You can rest easy, though, knowing that the legalese is handled for you.