Part 3 - There's More Than Just GDPR


This post is a part of a training series that I have created in collaboration with iubenda – one of the proud sponsors of the 2020 WP Agency Summit.

You can read the other articles in this series here:

Part 1: What WordPress Agencies Should Know About GDPR & Cookie Law Compliance
Part 2: Three ways GDPR impacts your customer’s sites
Part 4: Common questions around GDPR
Part 5: How to sell a GDPR-related service

So far, I’ve been mostly talking about GDPR in this training series. Of course, this is just one example of a compliance regulation that you should be aware of.

Let me also shine a brief light on how the main GDPR online requirements relate to other international legislation.

Privacy and Cookie Policies

Worldwide, there are laws like GDPR, CCPA, CalOPPA, or LGPD. If you are processing personal data, you are generally required to disclose how you are processing that data. That is where a comprehensive Privacy Policy comes into play.

In a nutshell, the Privacy Policy is a legal document that informs the user of the data processing carried out through the website or app they are currently using. The policy can mention, for example, which data is collected, for what purposes it is used, which third parties also access the data, etc.

In addition to the Privacy Policy, you will need a Cookie Policy if your site uses cookies and has EU visitors. Essentially, the Cookie Policy goes into more detail about the cookies and deals with the data processing that happens through the installation of cookies.

These documents have to meet a few requirements:

  • They need to be understandable and unambiguous
  • They need to be easily accessible throughout the website
  • They need to be kept constantly up to date with the currently applicable laws

Monitoring all the most important international legislation and possible changes is impossible if you’re also running your own business. You’ll need to find some form of automation for this.

That’s why I have teamed up with iubenda to create this training series.

EU Cookie Consent and CCPA Notice of Collection

We have to thank the EU Cookie Law for all the banners popping up on websites, asking us to consent to cookies being used. This banner is required by the EU Cookie Law in addition to the Cookie Policy.

Basically, you should display a banner and implement a technical way to manage cookies. Unless consent is given, you are not allowed to install non-exempt cookies. Only after a user has given permission can you install cookies (e.g. to profile user behavior).

In addition, if you have Californian users, you also need to comply with CCPA. You have to display a notice informing your users that their data might be collected and sold to other parties. You also have to inform them of their right to opt out, which should be facilitated by a “Do Not Sell My Personal Information” link.

iubenda can help to easily manage both these requirements.

Consent Records

As if the above-mentioned requirements weren’t enough – there is more.

Regulations like GDPR or the Brazilian LGPD require you to store unambiguous proof of consent through detailed records. In all cases in which you process your users’ data after collecting a dedicated consent, you need to be able to prove that consent.

This includes registration forms and newsletter opt-in forms.

These consent proofs need to meet specific criteria. For example, they should record:

  • The consent collection form the users were presented with
  • The time of consent collection
  • The legal documents that were applicable at the time that the consent was collected

Additionally, the California CCPA requires you to document consumers’ requests to opt out of the sale of their personal information. You should include the particular user, the date, and the subcontractors that were notified of the opt-out.

If you cannot reliably store valid opt-in and opt-out proofs, you could be held liable for not being compliant with those regulations.

Again, tools like iubenda come to the rescue.

See how these international requirements tie together?

If you’re in doubt whether the website you are working on is impacted by any of these regulations, I would assume it is.

You really want to have comprehensive software at hand to manage all this.

iubenda is the most simple, complete, and professional way to comply with international regulations & privacy laws.

Thanks to our partnership with iubenda, you can jump on a call with one of their experts, at no cost, and get a personalized overview of online requirements and how to comply with iubenda’s solutions.

You can book an appointment here: https://iubenda.link/en-call

All the best,

Jan
