5 Minute Read | October 1, 2019

3 Basic First Steps Toward Online Data Privacy Law Compliance

The California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) have changed the way businesses and other organizations handle the data of customers, users and website visitors. More such laws are on the way.

Organizations that do business on the internet must determine whether the data privacy laws apply to them, what impact the rules might have on the organization, and how to comply.

We can help with all three. For starters, listen to a recording of our privacy webinar, co-presented with our compliance partner, Godfrey & Kahn, S.C.

As the webinar notes, non-compliance with evolving internet privacy laws can lead to some scary outcomes. But fear not; compliance is within reach and even has some good side effects -- if you get out in front of the rules and put the right tools and procedures in place.

You’re better off addressing compliance early and on your own terms. Keep in mind that the goals of these rules are benign: They aim to give your cherished users control over data they share with you and to guide you on how to manage that data in a way that respects the wishes of your users. The particulars vary with each law, but they all promote transparency with your visitors.

You want that, too, right? So keep calm and carry on toward compliance with CCPA, GDPR and other privacy laws.

Start by picking three pieces of the lowest-hanging fruit.

1. Update Your Privacy Policy

CCPA and GDPR require you to update your privacy policy to inform users of the rights granted to them under these laws. Work with your legal or compliance team to draft an updated privacy policy for your websites, so users know their rights and how to assert them.

Design your privacy policy with follow-through in mind; make sure that your company can meet your stated commitments. Some of these laws require you to update policy not only when the regulations go into effect, but also at set intervals going forward.

2. Manage Cookies with a Cookie Manager

A cookie is a small text file created or placed by websites. It lives on the user's computer either temporarily (session cookie) or for a set period (persistent cookie). Cookies are a means for websites to recognize users, track their preferences and provide analytics data back to website owners.

Cookies play a big role in eCommerce. When a user adds an item to a shopping cart, that action triggers a cookie, so the site can remember the added item. Depending on how the cookie is configured, users could leave the site and later return to find the same products sitting in their carts. Cookies also figure in third-party tracking tools, such as Google Analytics.

The new rules are pushing sites to inform users of cookie usage and give users control of what cookies they want to accept.

Give them that power through an online cookie consent tool. Content management systems (CMS) offer native tools, or you can turn to a third-party vendor. Cookie consent tools block cookies from being placed on a user’s device until the user gives consent.
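The blocking behaviour described above can be sketched as follows. This is an added example, not code from Northwoods or from any consent product; the `ConsentGate` class, the category names and the sample cookies are hypothetical, and which cookies count as essential is a decision for your legal or compliance team.

```javascript
// Added illustration: ConsentGate, the categories and the sample cookies are hypothetical.
const ESSENTIAL = "essential";

class ConsentGate {
  // `write` is the sink that places a cookie; in a browser it would be
  // (c) => { document.cookie = c; }. It is injected so the logic runs anywhere.
  constructor(write) {
    this.write = write;
    this.granted = new Set([ESSENTIAL]); // assumption: essential cookies need no opt-in
    this.pending = [];                   // cookies held back until the user consents
  }

  // No maxAgeSeconds => session cookie; with it => persistent cookie.
  static serialize({ name, value, maxAgeSeconds }) {
    let c = `${encodeURIComponent(name)}=${encodeURIComponent(value)}; Path=/; Secure; SameSite=Lax`;
    if (Number.isInteger(maxAgeSeconds)) c += `; Max-Age=${maxAgeSeconds}`;
    return c;
  }

  // Place the cookie only if its category has consent; otherwise queue it.
  set(cookie, category) {
    if (this.granted.has(category)) {
      this.write(ConsentGate.serialize(cookie));
      return true;
    }
    this.pending.push({ cookie, category });
    return false;
  }

  // Record the user's choice and release only cookies in accepted categories.
  grant(categories) {
    categories.forEach((c) => this.granted.add(c));
    const ready = this.pending.filter((p) => this.granted.has(p.category));
    this.pending = this.pending.filter((p) => !this.granted.has(p.category));
    ready.forEach((p) => this.write(ConsentGate.serialize(p.cookie)));
  }
}

// Constructed sample run: the cart cookie is treated as essential,
// analytics and advertising cookies wait for the user's choice.
function demo() {
  const placed = [];
  const gate = new ConsentGate((c) => placed.push(c));
  gate.set({ name: "cart", value: "sku-123" }, ESSENTIAL);
  gate.set({ name: "analytics_id", value: "abc", maxAgeSeconds: 31536000 }, "analytics");
  gate.set({ name: "ad_id", value: "xyz", maxAgeSeconds: 2592000 }, "advertising");
  const before = placed.length;   // cookies placed before any consent
  gate.grant(["analytics"]);      // user accepts analytics only
  return { before, placed, pending: gate.pending.length };
}
```

Cookies set by third-party scripts bypass a gate like this unless those scripts are themselves loaded only after consent, which is the part a consent tool has to handle.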

Make sure that any third-party tool meets the criteria set forth by your legal and compliance teams. Northwoods partners with CookiePro by OneTrust. We selected CookiePro because of the broad install base, multi-language support, and easy-to-use interface for visitors, among other reasons.

3. Implement a Data Subject Request Process

Some of the most recent privacy laws bestow additional rights on website users. Visitors now have a method for understanding what data websites have about them and, beyond that, control over how that data is processed.

Assure your users by establishing methods for them to contact you to let you know how they want their data managed. Data Subject Access Request (DSAR) systems provide secure portals for managing user requests and creating customized workflows for your employees to follow. Having simple, easily followed procedures ensures uniform management of users’ requests.

This is not a matter of flipping a switch. Your internal teams must know where all user information is stored. These laws apply to marketing, sales, contractor and employee records, and more.

On this and every step on the path toward compliance, work with your legal or compliance team to be sure to meet the requirements of each law.

Data Mapping to the Rescue

Many businesses employ people to keep track of physical inventories and will dedicate days or weeks every year to counting items to ensure they know where everything is and what they have. The process of data mapping is like inventory tracking but for data instead of physical products.

To begin the process, select a data collection method (e.g. a web form) and follow the data submitted to all points of entry and storage in your organization. The end goal is to document where all personal information is collected, stored, secured, and accessed.

You can’t respond to a user request to delete data if you don’t know where that data lives. This process will help inform your DSAR workflows by guiding your employees to the systems that house the requested data.

Key Takeaways

  • Keep in mind the common purpose of these laws: User control over their personal information.
  • Manage their data as they wish and do so transparently.
  • Compliance with online privacy laws is not set-it-and-forget-it. These laws have continuing requirements, and new regulations are in play in different states, countries, and regions.
  • Online privacy regulation is here to stay.

Non-compliance with online privacy laws can result in some very big problems (aka, fines). Listen to a recording of our CCPA webinar to learn more, and get our tips for ensuring a successful online privacy tool implementation.

Authored By

Brett Smoot

Digital Account Manager

Rick Fessenbecker

Managing Director
