How To Follow GDPR and CCPA Standards?

Understanding GDPR regulations and CCPA standards

In 2018, the GDPR, or General Data Protection Regulation, put forth by the EU, went into effect. This outlined specific rights and privacies of users. Beginning in January 2020, California’s own laws, known as the California Consumer Privacy Act, went into effect. Both of these sets of laws impact website owners. Here is what you need to know about the regulations and our recommendations regarding how to remain compliant.learn how to follow gdpr standards and ccpa standards - brightedge

  • Make sure you remain fully transparent with all users regarding your data collection
  • Obtain permission from the user before you use cookies
  • Do not collect more data than you need
  • Be able to separate and classify user data

1. Make sure you remain fully transparent with all users regarding your data collection. These laws tell us that users have the right to know when and how their information is being collected. In your privacy policy, you must let people know what types of data you collect, whether or not you sell the data, when you share the data, and how you use the information you collect.

The CCPA also mandates that the privacy policy provides information about how people can request to access, change, or even erase the data you have collected on them.

Note that your plugin vendors must also align with these requirements. If you have a plugin that collects data, you must also get consent from your users and let people know about it in your privacy policy.

With the CCPA, you must also provide people with the ability to opt out of their data being sold to a third party. For any 13-16 year old minor, you must obtain their consent before selling personal information and you must obtain consent from the parents/guardians of any minor under 13 before you sell their data.

2. Obtain permission from the user before you use cookies. Cookies make it possible for businesses to perform certain personalization features and track users, but you have to obtain permission from users before you begin to use them. Many sites obtain this permission with a popup that appears when someone first lands on the site. To make sure that you are obtaining true consent, you cannot have a default, but allow the user to select.

3. Do not collect more data than you need. Although it can be tempting to collect as much information as possible, you need to be careful to only collect the information needed. You also want to make sure this information is not stored longer than required. In other words, if users register to only receive a white paper, once you send them the white paper, you cannot use their email for additional promotions unless they give you explicit permission to do so. When they register, you can offer them an option to continue to receive information and promotions, which will allow you to keep using their email.

Along similar lines, make sure your mailing lists have been obtained properly. If anyone on your mailing list did not give expressed consent to receive messages from you, it will be best to delete them. This will be especially applicable if you purchased the list from any third parties.

If you have been using a double opt-in strategy, then you can feel confident that your mailing list was obtained through consent and you can continue to use them.

Go through your mailing list and your practices of obtaining email addresses to make sure no one was added without consent. Including an ‘opt-out’ link in your emails can also help ensure that only people who want to be on your list are included.

4. Be able to separate and classify user data. With the CCPA in particular, businesses must have greater ability to classify user data. People will now have the power to say whether or not they want their information shared with third parties, which means that brands must be able to filter the information of those who give permission and those who do not.

Users also have the right to learn what information precisely has been collected on them from companies. This includes who the information was sold to over the past 12 months from when the customer requested the information. Businesses who do not currently have the ability to uncover this information need to focus efforts on becoming compliant.

Privacy has become an increasingly prevalent concern for users as data collection grows. Respecting your users by complying with the GDPR standards and laws does require a shift in some practices, so all site owners should carefully review their domains.

Related Resources