Most websites collect information about their users, either submitted by the users themselves or collected automatically through cookies and other technologies. Business owners need information in order to deliver their products, advertise their services, communicate with customers and prospective customers, and improve their website functionality. Customers and visitors to your site are naturally concerned about what happens to their information: how it is stored, who has access to it, and what safeguards protect their privacy.
Virtually every country has enacted some sort of data privacy law to regulate how information is collected, how data subjects are informed, and what control a data subject has over their information once it is transferred. Failure to follow applicable data privacy laws may lead to fines, lawsuits, and even to prohibition of a site’s use in certain jurisdictions. Navigating these laws and regulations can be daunting, but all website operators should be familiar with the data privacy laws that affect their users. Some of these include:
U.S. Data Privacy Laws
State Privacy Laws
International Privacy Laws
The most comprehensive data protection legislation enacted to date is the General Data Protection Regulation (GDPR), governing the collection, use, transmission, and security of data collected from residents of any of the 28 countries of the European Union, regardless of the location of the entity collecting the data. Fines of up to €20 million or 4% of total global turnover may be imposed on organizations that fail to comply with the GDPR. Some important requirements of the GDPR include:
Data Breach Notification: In most cases, organizations are required to notify supervisory authorities and affected data subjects within 72 hours of a data breach involving users’ personal information.
Data Subjects’ Rights to Control Personal Data: Data subjects must be notified of their rights with regard to their personal data, including the right to access, correct, and delete their personal information.
Making Your Company Compliant With Data Privacy Laws
Even if your company is based in a jurisdiction that has not implemented comprehensive data privacy legislation, it is important to consider where your potential users might reside and what regulations apply. If you intend to do any business in California or in the European Union, you should be familiar with the requirements of the upcoming CCPA and with the GDPR.
Data protection is becoming more and more important, and will affect users’ decisions about where they do their online browsing and shopping. Increasingly, a company’s reputation for responsible handling of personal data will be an asset that can lead to greater website traffic, more conversions, and a positive impact on profits.