Let's take you through a step-by-step process of how to check website privacy. We start off by recommending an automated tool for the purpose, followed by an analysis of what to check for in privacy policies themselves.
While privacy policies are a core competency for the checker tool, it can also look for terms of service, a cookie consent banner, and cookie management — as all of these aspects are also factors regulated under various privacy laws around the world. The compliance checker only takes a few minutes, making it easy for businesses of all sizes to identify weaknesses, correct them, and maintain compliance with no disruptions to website functionality.
Read Privacy Policies Carefully
Privacy policies can include a significant amount of boilerplate content. However, with the wide array of privacy regulations around the world, this is not language you should simply copy and paste from a competitor's website and hope for the best. How you use data, whether you share it, and the many overlapping regulations that apply mean you need a policy that is customized to your business and still compliant.
Your introduction should state your legal business name, or your "doing business as" (DBA) name if you have a parent company or operate under a different name. This is also where you state which privacy laws your company complies with.
Personal Data Collection and Use
This section is critical as it states what information you’re collecting from web visitors, whether they make a purchase, sign up for an email, or simply browse and leave. Just know that you cannot deviate from what’s listed here. If you don’t explicitly state that you collect IP addresses, and are later found to have collected that information, your business will be in violation of privacy regulations.
Some of the most common data that businesses collect include:
- Phone number
- Email address
- Sex, gender, or orientation
- Race, nationality, or ethnicity
- Religious beliefs
- Financial information such as credit card or banking details
- Login and account information
- IP address
- Web browser and/or device, device software, etc.
Common purposes for collecting this data include:
- A better personalized experience
- Verifying identity
- Enhancing customer service
- Marketing communications
Don’t forget to include how your business will share data (if any), who has access to that data, and why it’s being shared. If you plan on selling data, be aware that many privacy regulations forbid this.
Retention and Deletion
Consumers deserve to know how long your business will store their data, as well as your policies for deleting it internally or if requested by a consumer. Avoid violations by keeping your storage timeline within the most stringent of the privacy regulations. However, remember that you need to adhere to whatever timeline you post here.
This is a niche topic, but if you market to children, you need an additional section that outlines how you'll manage data collected from minors. Unsurprisingly, the regulations governing the use of data from minors are incredibly strict.
At a minimum, familiarize yourself with the FTC's Children's Online Privacy Protection Rule (COPPA) to ensure domestic compliance, and be aware that regulations vary by state and country. If you have no plans to collect data from minors (typically viewed as people under the age of 16), this is where you should explicitly say so.
Personal Data Rights
In a perfect world you'd never have complaints about your business. But reality paints a different picture. For privacy policies and data usage, you need a reliable outlet for consumers to lodge complaints about your website. Usually you'll list an email, phone number or submission form. However, you'll also need to include a direct contact for an oversight authority within their jurisdiction where they can escalate a complaint.
Contact details to include:
- Company name
- Phone number
- Email address
You have questions, and we have answers to keep you compliant and minimize disruptions to your business’ core functions.
Is the scanner free?
Yes, the scanner is completely free to use. Enzuzo won’t request credit card details or attempt to collect information on your website’s visitors.
What does the privacy compliance scanner do?
Does the scanner access proprietary website data?
Enzuzo doesn’t access proprietary data that is otherwise not available in the public domain. This means that analytics aren’t included in the scan. We only look at information that’s already visible on your website pages.
What are GDPR’s legal requirements to maintain compliance?
If you remember one thing about GDPR, it's that this EU legislation prioritizes corporate transparency in how consumer data is handled, and that it requires businesses to give consumers control over how their data is used.
Businesses must be transparent regarding cookie usage, data collection and storage, sharing (if applicable), and how that information is used. Meanwhile, these businesses must also provide proper and immediate access to consumers to control and manage how their data is being used, shared, and deleted.
What should I do after receiving my privacy audit?
What if I need more help after receiving my results?
Enzuzo believes in empowering small and medium-sized businesses to maintain compliance, while also providing affordable solutions to make this possible. If you receive results that recommend corrections — but are unsure of next steps — contact us either through live chat or here to explore solutions or request a demo.
Osman is the content lead at Enzuzo. He has a background in data privacy management via a two-year role at ExpressVPN and extensive freelance work with cybersecurity and blockchain companies. Osman also holds an MBA from the Toronto Metropolitan University.