How To Follow GDPR and CCPA Standards?
Understanding GDPR regulations and CCPA standards
In 2018, the General Data Protection Regulation (GDPR), put forth by the EU, went into effect. It outlined specific rights and privacy protections for users. In January 2020, California’s own law, the California Consumer Privacy Act (CCPA), went into effect. Both sets of laws impact website owners. Here is what you need to know about the regulations and our recommendations regarding how to remain compliant.
- Make sure you remain fully transparent with all users regarding your data collection
- Do not collect more data than you need
- Be able to separate and classify user data
With the CCPA, you must also provide people with the ability to opt out of their data being sold to a third party. For any 13-16 year old minor, you must obtain their consent before selling personal information and you must obtain consent from the parents/guardians of any minor under 13 before you sell their data.
3. Do not collect more data than you need. Although it can be tempting to collect as much information as possible, you need to be careful to only collect the information needed. You also want to make sure this information is not stored longer than required. In other words, if users register to only receive a white paper, once you send them the white paper, you cannot use their email for additional promotions unless they give you explicit permission to do so. When they register, you can offer them an option to continue to receive information and promotions, which will allow you to keep using their email.
Along similar lines, make sure your mailing lists have been obtained properly. If anyone on your mailing list did not give express consent to receive messages from you, it is best to delete them. This is especially applicable if you purchased the list from a third party.
If you have been using a double opt-in strategy, then you can feel confident that your mailing list was obtained through consent and you can continue to use it.
Go through your mailing list and your practices of obtaining email addresses to make sure no one was added without consent. Including an ‘opt-out’ link in your emails can also help ensure that only people who want to be on your list are included.
4. Be able to separate and classify user data. With the CCPA in particular, businesses must have a greater ability to classify user data. People now have the power to say whether or not they want their information shared with third parties, which means that brands must be able to filter the information of those who give permission from that of those who do not.
Users also have the right to learn precisely what information companies have collected about them. This includes who the information was sold to over the 12 months preceding the customer's request. Businesses that do not currently have the ability to uncover this information need to focus efforts on becoming compliant.
Privacy has become an increasingly prevalent concern for users as data collection grows. Respecting your users by complying with the GDPR standards and laws does require a shift in some practices, so all site owners should carefully review their domains.