
How To Honor Data Privacy On Your Website

What is Data Privacy?

Honoring data privacy on your website refers to having a website that meets the new laws that have gone into effect to protect consumers’ contact information.  These include the European Union’s GDPR (General Data Protection Regulation), which went into effect on May 25, 2018, and the CCPA (California Consumer Privacy Act), which went into effect January 1, 2020.  Both of these laws have changed the way that companies can handle the data that is collected by their business website.  These laws are intended to help protect the individual using the internet by strictly regulating how a business handles its customers’ personal data. Both the CCPA and the GDPR give regulators the power to impose fines on companies that fail to meet these requirements.

What is Data Privacy Compliant Design?

Data Privacy Compliant Design means that your website is properly developed in a way that easily discloses to visitors what data is collected by your website (including basic visitor data like analytics), how it might be distributed and stored, and with whom it may be shared.  It also has to clearly identify how someone can opt out of your data collection and/or have their personal data permanently removed from your records.  This includes several things, like having a valid Privacy Policy publicly viewable on your website and clearly knowing who has access to the data collected by your website and how it is handled.  While this might sound easy, using web-builder programs like WordPress, SquareSpace, GoDaddy, Wix, and Weebly often involves using third-party components – like themes and plugins – and third-party functionality – like merchant providers.  In the scope of one website, there could be more than a dozen external sources involved, creating an easy environment for data loss.

Why is Being Data Privacy Compliant Important for Your Business?

The way the data privacy laws are currently written, the responsibility for such data collected is that of the company or brand that owns the website.  Many small business owners believe that because they use such seemingly popular web design programs or a skilled developer, these liabilities are managed for them through these other parties.  Unfortunately, that is a misconception.  If data is collected on your company website, your company is responsible for maintaining and managing the data collected.  Your developer or the third-party programs are only liable to a commitment with you, not each of your website visitors or customers.  If data is lost or stolen, it is your company that your customers will hold responsible for the state and federal fees charged for identity theft protection.  Additionally, if a data breach is tracked to your website, you will be fined not only for the one customer but for every customer record in your database.  So think about it.  On average, fees start around $200 per record.  In doing quick math using the data records hackers may have had access to on your website … well, it can get costly for some small businesses.  The more you are prepared in your design, the less risk you have down the road.

How to Protect Your Company

Follow the Data

The best way to protect your company is to simply follow the data and question everything.  Even if your business is located within the American borders, if there is a potential your website is visited by members of the European Union, then I recommend you take precautions and make sure you comply with the GDPR.  For each form created or plugin used, identify who has access to your company and visitor information – even if it’s for technical support purposes.  You have the right to question your developers and the tools they use since your business holds the greatest risk.

Minimize Form Entry Where Possible

While we are in a time of automation, and collecting data digitally may sound like a good idea – think this through.  One of our clients worked with children and wanted to have all of their event registration forms online.  While it sounds logical and like a huge time-saving venture – especially for a small organization – the fact that personal information about minors was being digitally collected meant they had two things working against them.  1) We were talking about minors – a big legal no-no.  2) It was cost-prohibitive for them to invest in a cyber-insurance policy to mitigate the potential risks.  Instead, we recommended making a PDF version of their form accessible and gave parents a central location where they could download the form, complete it, and bring it with them when their child first visited their location.  This strategy provided the same end result for functionality – just with much less risk.

Consider Consulting With A Professional

Many smaller businesses take the inexpensive route when it comes to their online presence.  In today’s market, the stakes are much higher, so I do recommend working with a professional web developer or someone with technical experience who can evaluate your site for the functionality it has and determine if there are hidden security liabilities for your business.  I say this for two reasons:

1)  The Web Development World Is Like The Wild-West.  Unlike other professions, there are zero validations, licenses, or State Board tests that web developers have to pass on a regular basis to validate that they are staying up-to-par with their industry and meeting security standards to protect the customers they serve.  In fact, there are many agencies/designers who simply hand over their design to third-parties to code, trusting that they are doing things right because it looks good and works for the right budget – but this is risky.  We have been called upon to rebuild a large number of websites because they experienced perpetual errors on their website.  Turns out, these errors happened because a back-door in the code was left open, primarily due to custom settings in the design code to accommodate the layout or the functionality of the design.  In other cases, basic security measures were simply never taken, validating that someone either failed to do quality control, failed to keep up with industry standards, or purposely intended to create an environment they could access later or maybe share with their hacker friends.  While I enjoy consulting with people about their web presence, it really disappoints me whenever I encounter such inconsistencies in skills and security measures.  I can tell you from experience that it is almost always better to start over with a new design.  Again – I said “almost” – but depending on the situation, I feel it is the safest route to take to ensure you eliminate all of the errors and get a clean, more secure foundation.

2)  Ultimately, Your Company Website Is Your Responsibility.  No matter who you hire to create your website, or what third-party tools they use or add to your web page, if their program or code experiences a breach – your company is now responsible to your customers or web visitors if their data is stolen.  As we mentioned earlier, this can get costly if you are left unprotected.  While there may be a chain of finger-pointing that can happen here, the one that matters most to your business is going to come from your customers and what you are doing to honor your customers and their data.  It is in your best interest to work with a professional who is knowledgeable about data privacy standards and is discussing with you the best options to minimize your overall risk.

I hope you found this information helpful and will consider sharing it with your contacts.  The more that we work together as a community to bring awareness to such important topics, and identify strategies on how to reduce risks, the more we support the small business community and contribute to a safer internet environment.

Until next time, “…watch your data!”

Julia Eudy - Communication Specialist

About the Author: Julia Eudy is an experienced Digital Strategist. Her 30+ year career spans sales, marketing, and education, and is infused by a hobby of analyzing behavioral traits related to the online buyer and a general curiosity about why people act the way they do. Reading and analyzing data from 20+ years of digital marketing campaigns has led to her success in developing marketing strategies that directly improve digital sales and rapidly grow your business.
