Privacy laws are tightening up across the globe, and it is the responsibility of the business to ensure that the website it promotes is legal. Is yours?
Getting to know the laws...
There are 2 main laws that you need to familiarise yourself with:
GDPR was enforced across the EU, including the UK, in May 2018. This law was implemented to increase the level of data protection for those located in the EU.
GDPR defines personal data as any information that can directly or indirectly identify a human being.
This legislation applies to any entity established in the EU, or those not established in the EU who offer goods and services to EU residents.
For those who do not comply, GDPR states that businesses in breach of the law may be subject to a fine of €20 million, or 4% of global turnover.
CCPA is legislation specifically for the personal data protection of residents of California, USA. Following the new privacy law in the EU in 2018, CCPA was enforced in January 2020.
CCPA applies to any for-profit business operating in California and processing data of consumers residing in California. CCPA also stipulates that businesses must meet one of the following criteria:
- Annual gross revenue of at least $25M
- Annually processes personal information from more than 50,000 consumers
- Derives at least 50% of annual revenue from "selling" the personal information of CA residents
Businesses that do not comply with CCPA can be subject to fines: between $100 and $750 is permitted per consumer, per incident, or actual damages, and up to $7500 for each violation. CCPA states there is no cap on fines.
These are not the only privacy laws you need to concern yourself with, but they are the most stringent across the globe. GDPR and CCPA differ in ways that suit the needs of the regions they cover, but both laws call for businesses to be explicit about what types of cookies are being used, how long the data is stored, and how the data is processed.
Other countries are starting to follow in tightening up their privacy laws.
Brazil has recently enforced the LGPD (Lei Geral de Proteção de Dados). This law runs parallel to CCPA and GDPR, but applies specifically to businesses established in Brazil, or to businesses that offer goods and services to people located in Brazil.
Although not yet official, Canada is in the process of updating its data protection laws with the CPPA (Consumer Privacy Protection Act). This legislation will align with GDPR and CCPA.
If you are wondering whether your website is compliant with the relevant privacy laws, or if you have any questions regarding privacy laws and what we can do to help, then email us at [email protected].
Alternatively, check out our Consent Packages and we can take care of privacy law compliance for you!