While several countries have passed data privacy laws, it is safest to follow all of these procedures globally if your customer database contains email addresses at domains associated with other countries, or worse, generic domains like Yahoo and Gmail that could place the customer in a country where these laws are in effect. Here is a quick checklist to review.
GDPR
All major businesses are familiar with, or should be familiar with, the General Data Protection Regulation, or GDPR, enacted in 2016 by the European Parliament. It requires any company that does business within an EU country to protect the privacy and personal data of EU citizens. This means insurance companies, financial companies, retailers, and the like need to put measures in place to keep their customers' data from being compromised or sold.
Here are the main requirements for remaining compliant; a more detailed list can be found here:
- Appoint someone to oversee and monitor all data protection processes (a Data Protection Officer).
- Audit your current information-handling processes and determine who has access to personal data, to satisfy the accountability requirement.
- Clearly state on your website or other business information assets what customer data you collect and how you collect it (a Privacy Policy).
- Take measures to ensure customer data is always encrypted and protected.
- Create a process to monitor your data protection measures, and have a plan in place in case of a data breach.
- Make it easy for any customer to ask what data the business collects, and give customers access to the data collected on them so they can review it.
- Make it simple for customers to request that no personal data be collected or processed.
CCPA
On January 1, 2020, California put the California Consumer Privacy Act, or CCPA, into effect. It allows all California residents to know what type of personal data a business is collecting about them and gives them the option to require that the business not sell their data to other companies. This law differs from GDPR in that it centers on the option to sell or not sell customer data, whereas GDPR focuses more on how and what data companies collect and on making sure it is encrypted. In a nutshell, this law is much simpler, but if any data indicates that a customer or potential customer could be in California receiving your mail or visiting your website (even if your company has no presence in California), you must be compliant.
The Act applies if your business's yearly gross sales exceed $25 million, if half of your revenue from selling data comes from Californian residents, or if you process data involving more than 50,000 California residents. The State of California describes the Act in more detail, which you can refer to.
Here are the main requirements for being CCPA compliant:
- Maintain a current Privacy Policy that outlines the CCPA rules and regulations and states that the business complies with them.
- In plain terms, let customers know what happens to the data you collect on them, such as address or behavioral information.
- Make it easy for customers to access the personal data kept on them at any point in time.
- Allow customers to opt out of the sale of their information, and delete their historical data if they request it.
Designating a person in your business to ensure compliance with data protection acts is the best way to stay on top of compliance. Make sure that your website, email marketing program, and any other methods of communication with customers in these regions give easy access to information on how your business complies with GDPR and/or CCPA.