This post is a part of a training series that I have created in collaboration with iubenda – one of the proud sponsors of the 2020 WP Agency Summit.
You can read the other articles in this series here:
Part 1: What WordPress Agencies Should Know About GDPR & Cookie Law Compliance
Part 2: Three ways GDPR impacts your customer’s sites
Part 4: Common questions around GDPR
Part 5: How to sell a GDPR-related service
So far, I’ve been mostly talking about GDPR in this training series. Of course, this is just one example of a compliance regulation that you should be aware of.
Let me also shine a brief light on how the main GDPR online requirements relate to other international legislation.
Privacy and Cookie Policies
These documents have to meet a few requirements:
- They need to be understandable and unambiguous
- They need to be easily accessible throughout the website
- They need to be kept up to date with the currently applicable laws
Monitoring all the most important international legislation and possible changes is impossible if you’re also running your own business. You’ll need to find some form of automation for this.
That’s why I have teamed up with iubenda to create this training series.
EU Cookie Consent and CCPA Notice of Collection
Basically, you should display a banner and implement a technical way to manage cookies. Unless consent is given, you are not allowed to install non-exempt cookies. Only after a user has given permission can you install cookies (e.g. to profile user behavior).
In addition, if you have Californian users, you also need to comply with CCPA. You have to display a notice informing your users that their data might be collected and sold to other parties. You also have to inform them of their right to opt out, which should be facilitated by a “Do Not Sell My Personal Information” link.
iubenda can help to easily manage both these requirements.
As if the above-mentioned requirements weren’t enough – there is more.
Regulations like GDPR or the Brazilian LGPD require you to store an unambiguous proof of consent through detailed records. In all cases in which you process your users’ data after collecting a dedicated consent, you need to be able to prove that consent.
This includes registration forms and newsletter opt-in forms.
You need to meet specific criteria for these consent proofs, like:
- The consent collection form the users were presented with
- The time of consent collection
- The legal documents that were applicable at the time that the consent was collected
Additionally, the California CCPA requires you to document consumers’ requests to opt out of the sale of their personal information. You should include the particular user, the date, and the subcontractors that were notified of the opt-out.
If you cannot reliably store valid opt-in and opt-out proofs, you could be held liable for not being compliant with those regulations.
Again, tools like iubenda come to the rescue.
See how these international requirements tie together?
If you’re in doubt whether the website you are working on is impacted by any of these regulations, I would assume it is.
You really want to have comprehensive software at hand to manage all this.
iubenda is the most simple, complete, and professional way to comply with international regulations & privacy laws.
Thanks to our partnership with iubenda, you can jump on a call with one of their experts, at no cost, and get a personalized overview of the online requirements and of how to comply using iubenda’s solutions.
You can book an appointment here: https://iubenda.link/en-call
All the best,