HIPAA, OSHA, SOX, PCI – almost every industry has some form of data or physical protection policy. And, it’s for a good reason. These policies are in place to defend people and their rights to share — or not share — information. But, what about online? How is your data protected, and what are your rights?
These laws include the Children’s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA) mentioned earlier. But until California’s Online Privacy Protection Act (CalOPPA), none of them fully protected the data people provide online.
But there is one thing you should know before scrambling to find out how to protect your business: the GDPR only applies to EU and UK residents. So why should businesses in the United States, for lack of a better word, care?
One particular article within the GDPR may affect businesses outside the EU. Article 3 defines the territorial scope of the GDPR: any business that targets residents of the Union must follow the regulation, and so must any business that collects information by monitoring Union residents.
The Internet lets people from all over the world visit your website. Even if you are not deliberately targeting residents of the EU, there is a chance that a resident of the Union will use your site, and you may inevitably collect information from that visit. What then? Will you receive a hefty noncompliance fine? The answer is likely no, but using the GDPR as the baseline for your privacy protection is the best way to keep your business safe.
Best Practices for Privacy Policies and GDPR Compliance
- Providing opt-ins for information collected
- Allowing visitors to request the information you have about them
- Allowing visitors to edit/update the information you have about them – as long as it doesn’t impact administrative requirements
- Allowing visitors to delete any information you have about them – as long as it doesn’t impact administrative requirements
- Allowing visitors to change their opt-in status
- Having a defined process for what data is collected and why
- Securing and encrypting data collected
- Informing visitors how long you’ll hold their data before deleting it
- Informing visitors how their data will be properly deleted
- Brand reputation
The Symphony Agency Helps You Remain Compliant
We’ve worked with hundreds of businesses across the medical, legal, cybersecurity, and HVAC industries, so we know the importance of secure data and meeting compliance regulations. We strive to help our customers become or remain compliant by implementing best practices across our website development projects.
*This blog post was written to provide general information about privacy policies and GDPR compliance. For more information, visit the links provided.