Consumers are demanding more protection online, and our legal systems are responding. Learn more about the existing frameworks that you must comply with or, if you aren’t already required to by law, get your website ready for what is likely to be future legislation in your country or state.
What are GDPR and CCPA?
GDPR (General Data Protection Regulation):
- GDPR is a European law that protects people's personal information
- If your company's website collects data from people in Europe, certain rules must be followed
- You should ask for permission to collect data, explain how you use it, and keep it safe
- People have the right to access, correct, or delete their data
CCPA (California Consumer Privacy Act):
- CCPA is a California law that protects people's personal information
- If your company operates in California or collects data from Californians, certain rules must be followed
- You should tell people what data you collect and give them the option to say no to selling their data
- People have the right to access and delete their data, and you can't treat them badly for using these rights
As consumers, we spend a significant amount of time online and engaging with digital media. For instance, a study conducted by The Wall Street Journal in August 2020 found that the average U.S. adult spends approximately 16 hours each day with digital media. With that much time spent online, it is crucial for us to be concerned about our privacy when using the internet.
The legal system around the world is taking action to protect consumers online. In 2018, the European Union passed the GDPR. In January 2020, the CCPA went into effect in the state of California.
These new laws aim to protect individuals' privacy online and give them more control over their personal data. They also prevent businesses from gathering personal data without permission or another lawful reason.
Do you need to comply with GDPR and CCPA?
If you collect any kind of data from visitors in Europe or California, these regulations apply to your business. Similar to the GDPR, the CCPA says that businesses must disclose to consumers what information they collect, why they collect it, and with whom they share user data. Under the CCPA, online users can request that their data not be shared and can request to have it deleted. Facebook famously overhauled its privacy features in response to the CCPA by giving users many more options to control their data.
The Sanger & Eby team highly recommends that you take steps now to protect consumers’ privacy on your website. Not only are regulations rapidly expanding, but 85% of consumers will not do business with a company if they have concerns about its security practices.
How to start protecting consumers now:
- Avoid ignorance – First and foremost, do not bury your head in the sand on the topic of data privacy and consumer security. Audit your website for all areas where you are collecting data and information from your website visitors. Newsletter sign-ups? E-commerce? Online job applications? Don’t forget analytics in this step – IP addresses are considered personal data.
- Get consent – When you do collect data from your customers, always get their consent before it is shared with others.
Do you have specific questions or concerns about data security? Or do you need to make your website compliant with an existing legal or accessibility framework? Sanger & Eby can help. Contact us today to get started.