What information is being collected: Again, “consumer data” by definition isn’t limited to financial records, health details, or identifiable factors like race, gender, or sexual orientation. It can also include geolocation, IP addresses, or anything else that uniquely identifies an individual user session.
Clear disclosure concerning any data processors involved: Any entity that will have access to the data needs to be outlined here. This can include payment processors, e-commerce platforms that manage your backend, and even third-party apps, widgets, social buttons, and ad service integrations.
User rights: Under many data privacy regulations, not just in the EU but also in the U.S. and other countries, users have the right to request, view, transfer, and erase their data (subject to certain conditions). It is important to note that these regulations apply to ALL businesses (including non-profits), regardless of their location, that handle data on, or provide goods and services to, individuals in specific jurisdictions including the EU, Canada, and several U.S. states.
Additional related requirements include:
What If My Business Doesn’t Collect Personal Information?
It is rare, and highly unlikely, for a business to collect no personal information at any level. More importantly, if your website is hosted through popular web hosts like Shopify, WordPress, GoDaddy, or even Wix, many of them contain built-in analytics tools.
Privacy Policies Provide Legal Protection
We’ve already established that, more than likely, even if you’re not actively using third-party apps or services, you’re still generating data on the consumers who visit your website. So you need to let them know what data (if any) is being collected, why and how it’s being used, whether it’s shared, and how you’ll dispose of it.
Guides Your Data Practices
Builds Consumer Trust
Hefty Fines from Government Agencies
The fines for non-compliance with data privacy laws differ. But generally, these can get real big, real fast. The CPRA, for example, can impose fines of up to $7,500 for intentional violations and $2,500 for unintentional ones. Note that those are assessed per infraction, which can be cost-prohibitive if you’re a small business facing multiple violation charges. The California State Attorney General once brought a claim against Delta Airlines for $37,500,000 in fines.
Also remember that fines are not limited to governing bodies in your own jurisdiction. The EU takes consumer privacy seriously and has a storied history of fining individuals as well as small, medium, and multinational organizations for violating GDPR privacy directives. Just ask Microsoft, Apple, and Facebook about their frequent and expensive GDPR fines for non-compliance.
Data Privacy Lawsuits
Loss Of Customer Trust
We don’t recommend that businesses attempt to generate privacy policies from scratch unless you have a very good legal team on staff that specializes in privacy regulations and is well-versed in the main takeaways from the international community’s top privacy laws. It’s easy to forget to include details such as your use of third-party apps or analytics trackers, or to list the right points of contact for the privacy regulation you’re trying to satisfy.
Osman is the content lead at Enzuzo. He has a background in data privacy management via a two-year role at ExpressVPN and extensive freelance work with cybersecurity and blockchain companies. Osman also holds an MBA from the Toronto Metropolitan University.