GDPR: What You Need to Know About Privacy Policies and Data Protection

Published by Keslie Wright in Marketing on October 9, 2019

HIPAA, OSHA, SOX, PCI – almost every industry has some form of data or physical protection policy. And, it’s for a good reason. These policies are in place to defend people and their rights to share — or not share — information. But, what about online? How is your data protected, and what are your rights?

What’s a privacy policy?

Perhaps one of the earliest forms of data protection, a privacy policy is a statement or legal document that outlines how a person’s information is collected, stored, managed, and disposed of. Back in the day (think the 60s or 70s), this protected mostly physical pieces of information, but with the development of technology and the Internet, the federal and local governments have introduced a variety of legislation throughout the years in an attempt to provide the same protection to online data.

This legislation has included the Children’s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA) mentioned earlier. But, until California’s Online Privacy Protection Act (CalOPPA), none of these laws completely protected the data provided online.

CalOPPA requires that all websites include a privacy policy outlining what information is collected, how it is stored and managed, and how it’s disposed of. Additionally, Google Analytics requires that you include a privacy policy that outlines your use of cookies and Google Analytics information. Policies like these were the outline for how American businesses managed privacy – until May 2018.

What’s GDPR?

[Image: privacy policy update email]

The General Data Protection Regulation (GDPR) outlined by the EU has set a new standard for online privacy. GDPR states that no business may use the information it collects for its own benefit and that it must protect the information gathered. Remember when all your favorite websites were emailing you to say they’d updated their privacy policy (see image)? That was a result of the GDPR going into effect in May 2018. It came with strict rules and lofty noncompliance fines.

But, there is one thing you should know before scrambling to find out how to protect your business: the GDPR only applies to EU and UK residents. So, why should businesses from the United States — for lack of a better word — care?

There is one particular article within the GDPR that may impact businesses outside the EU. Article 3 outlines the territorial scope of the GDPR and states that any business targeting Union residents must adhere to the regulations outlined. This includes any information collected while monitoring Union residents.

The Internet is a vast space, and people from all over the world can visit your website. While you may not be targeting residents of the EU, there is a chance that a resident of the Union will use your site, and you may still collect information from that visit. What then? Will you receive a hefty noncompliance fine? The answer is likely no, but using GDPR as the base for your privacy protection is the best way to keep your business safe.

Best Practices for Privacy Policies and GDPR Compliance

Whether you target Union residents or not, the easiest way to ensure compliance is to update your website’s privacy policy and implement a procedure for how you collect, manage, store, and delete the information received from visitors. This should include, but not be limited to:

  • Providing opt-ins for information collected
  • Allowing visitors to request the information you have about them
  • Allowing visitors to edit/update the information you have about them – as long as it doesn’t impact administrative requirements
  • Allowing visitors to delete any information you have about them – as long as it doesn’t impact administrative requirements
  • Allowing visitors to change their opt-in status
  • Having a process for what data is collected
  • Securing and encrypting data collected
  • Informing visitors how long you’ll hold their data before deleting it
  • Informing visitors how their data will be properly deleted

Benefits of Updating Your Privacy Policy

While updating your privacy policy or processes seems like a lot of work, there are many benefits beyond simply being compliant. As more and more websites implement the GDPR standard, end users will come to expect that you provide the same protection you would give EU residents. Upholding the GDPR standard and implementing data protection regulations also improves:

  • Transparency
  • Trust
  • Brand reputation
  • ROI
  • Loyalty

The Symphony Agency Helps You Remain Compliant

We’ve worked with hundreds of businesses across the medical, legal, cybersecurity, and HVAC industries, so we know the importance of secure data and meeting compliance regulations. We strive to help our customers become or remain compliant by implementing best practices across our website development projects.

For more information about GDPR and updating your privacy policy, contact us, or email your success manager.

*This blog post was written to provide general information about privacy policies and GDPR compliance. For more information, visit the links provided.
