What you need to know about data privacy laws

Published: 02/26/21

Consumers are demanding more protection online, and our legal systems are responding. Learn more about frameworks already in existence that you must be compliant with or – if you aren’t already required by law - get your website ready for what is likely to be future legislation in your country or state.

Graphic reading 'compliance' with icons representing data and law.

An August 2020 study from The Wall Street Journal found that a startling 16:06 hours a day are now being spent with digital media by the average U.S. adult. This statistic is somewhat mitigated by the fact that these hours include overlapping activity, meaning that a person could be working while streaming a movie for two hours resulting in four hours of online activity – but incredible, nonetheless. So it should come as no surprise that privacy and security in our digital home is a top-of-mind and increasing concern.

The legal system around the world is taking action to protect consumers online. In 2018, the European Union passed the General Data Protection Regulation, otherwise known as GDPR. The General Data Protection Regulation is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). GDPR standardizes data protection laws across the EU and attempts to update them with current technology. More importantly, it aims to protect individuals' privacy online and give them more control over their personal data. It also prevents businesses from gathering personal data without permission or another lawful reason.

Do you need to comply with GDPR?

In January 2020, the California Consumer Privacy Act (CCPA) went into effect in the state of California. Similar to the GDPR, the CCPA says that businesses must disclose to consumers what information they collect, why they collect it and with whom they share user data. Under the CCPA, online users can request that their data not be shared and can request to have it deleted. Facebook famously overhauled their privacy features in response to the CCPA with giving users many more options to control their data. Read the complete framework GDPR here and reach out to our team with specific questions.

Do you need to comply with CCPA?

Get ready now: Regulations are headed your way

Even if your business does not have to be compliant with GDPR or CCPA by law, the Sanger & Eby team highly recommends that you take steps now to protect consumers’ privacy on your website. Not only are regulations rapidly expanding, but 85% of consumers will not do business with a company if they have concerns about its security practices.

How to start protecting consumers now:

  • Avoid ignorance – First and foremost, do not bury your head in the sand on the topic of data privacy and consumer security. Audit your website for all areas where you are collecting data and information. Newsletter sign-ups? E-commerce? Don’t forget Analytics in this step – collecting IP addresses is considered personal data.
  • Be transparent – If you collect any information from your website visitors, let them know! Offer a clear privacy policy that discloses exactly what data is collected and how it is used.
  • Get consent – When you do collect data from your customer, always get their consent before it is shared with others. An example of this might be language like, “We partner with Company ABC to offer XYZ service. Can we share your information with Company ABC to receive special offers?” with an opt-in or opt-out ability.

Read the complete CCPA framework here and reach out to the Sanger & Eby team with specific questions.

Do you have specific questions or concerns about data security? Or do you need to make your website compliant with an existing legal or accessibility framework? Sanger & Eby can help. Contact us today to get started.