What Does The Law Say About Data Privacy In Your Business?

Nearly all websites collect user information. This information is collected automatically by cookies or other technologies. The user may also submit the information.

Business owners need user information for advertising and communicating with customers and prospects. User information is essential for delivering products and services.

It is also useful for improving website functionality. At the same time, the people who visit websites are concerned about how their information is used and stored, who can access it, and what privacy safeguards are in place.

Nearly every country has enacted a group of laws concerning the privacy of data. These laws regulate how consumer information is collected, how users are informed, and the amount of control that the individual has over his or her information after it is transferred.

Failure to adhere to applicable data privacy laws can lead to fines or lawsuits. A business may even have its website’s use prohibited in specific jurisdictions for non-compliance.

Navigating these types of laws can be daunting; however, every website operator must be familiar with them and with how they affect users.

Privacy Laws in the US

There is not a comprehensive federal law governing the privacy of data in the US.

The Federal Trade Commission Act does not specify which information a website’s privacy policy should include.

However, it does prohibit deceptive practices such as:

  • Failing to adhere to a documented privacy policy
  • Failing to provide adequate data security
  • Practising or participating in misleading advertising

Other federal laws governing data collection include:

State Privacy Laws

To date, 25 US states have enacted privacy laws to govern the way residents’ data is collected, stored, and used. Some of these laws apply only to entities within the state government, while others apply to both government and private entities.

The most comprehensive state legislation governing information privacy is the California Consumer Privacy Act. This law was signed on June 28, 2018, and went into effect on January 1, 2020.

The CCPA imposes specific duties on individuals or entities that collect information from or about a California resident. These duties include informing consumers when and how their information is collected and providing a way for consumers to access, correct, or delete the information. Details must be provided in the privacy policy on the website of the entity that is collecting the data.

International Privacy Law

The most comprehensive legislation governing data protection at this time is the General Data Protection Regulation. The GDPR governs data collection, data use, data transmission, and data security.

Its enactment covers the residents of the European Union, which is made up of 28 countries. It protects residents regardless of where the entity collecting the data is located.

The Seven Principles of the GDPR

  • Lawfulness, fairness, and transparency
  • Data minimization
  • Purpose limitation
  • Accuracy
  • Integrity and confidentiality
  • Storage limitation
  • Accountability

To align your business with the GDPR, you should first inform your security team of the obligations it imposes. You will need to ensure you have procedures in place for handling requests to access, modify, or delete personal data.

You will also want to define security notification procedures for timely notification in case a data breach occurs. It is best to thoroughly educate and train all staff members on EU data privacy.

From there, plan and conduct regular reviews and audits. Document all internal procedures, and ensure that the third parties you work with also adhere to mandatory provisions.

Failure to comply can result in 20 million or up to 4% of the global turnover.

Important GDPR requirements include:

Data subjects have to be given the chance to provide clear, unambiguous consent before their data is collected through the use of cookies. Some information that does not normally fall into the category of personal information in the US, such as an IP address, is deemed personal data according to the GDPR.

Data Breach Notification

Organizations must notify data subjects and supervisory authorities within 72 hours of a data breach affecting personal information.

Right to Control Personal Data

Data subjects are to be notified of their rights to access, correct, or delete their data.

The Importance of A Privacy Policy

Websites that collect personal information should include a privacy policy explaining to the user what information is collected. It should also explain how the information is used, shared, and secured.

Often user information is provided voluntarily, as when signing up for a newsletter or sending an email request. Even so, data that is gathered by third parties and via the use of cookies must be disclosed. Users should have the opportunity to consent to, block, or disable cookies.

How To Make Sure Your Company is Compliant

Consider where your potential users live and what regulations apply. You should do this even if your business jurisdiction has not implemented any comprehensive legislation regarding the privacy of data.

If you intend to do business in the EU or California, you must familiarize yourself with the GDPR and CCPA.

CCPA Checklist

Make sure that you have a clear understanding of the CCPA requirements. Know the requirements for mapping and keeping an inventory of customer data.

Implement a way to fulfil consumers’ CCPA data-rights requests automatically. Update your disclosure notifications and privacy policy. Breach thresholds and breach response workflows for your data privacy team must be well defined.

Test and validate everything on your site. This includes data access requests, data sharing, and security policies.


The importance of data protection continues to increase. It affects users’ decision-making about online activities, including browsing and shopping.

A company needs to possess a stellar reputation for the responsible handling of users’ personal information. This level of compliance is an asset that will lead to increased website traffic, greater conversions, and a positive overall impact on profits.

Businesses that build direct relationships with consumers through respect and lawful interaction will be at the forefront of the digital arena. Learn how you can proactively work to build a plan for managing your customers’ data effectively today.


About Stephan Monetize.info

Stephan J is the founder of Monetize.info and has been making a living exclusively online since 2004. He has tried and managed to make good profits on everything from Forex trading, options, and website flipping to AdSense and affiliate websites. His passions are cycling and fitness, and he spends a small fortune on watches and fine cigars.
