Add to all this that today’s websites use, on average, 60 external libraries and services, and in most cases user data is constantly exchanged with them.
and sometimes in other countries where privacy laws do not apply.
A daunting compliance challenge.
If your organization has no control over the practices, procedures, and code functionality of these third-party services, you are ultimately liable, in the form of compliance violation fines, should data be disclosed when a user has requested it not be.
such solutions often cannot enforce the choices users make, leaving the business open to litigation.
Contact Ensighten. We can help ensure global compliance regulations are adhered to
within your websites and their entire supply chains.
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Opt-out from sale of personal data
- Organizations must provide consumers with a clear way to opt-out of the business’ sale of the consumer’s personal information
Notice of data collection and purpose
- Consumers must be given the right to information about the business’ collection, sale and other disclosure of the consumer’s personal information. This includes disclosure of the categories of personal information collected and transferred/sold (to whom information is sold, by category, for each third party) and the business purpose for disclosure
Access to data collected
- Organizations must provide the right to access personal information collected. There must be a minimum of two methods to submit requests, and an organization must respond within 45 days
Right to erasure of personal data
- Consumers have the right to erasure, that is, to request deletion of personal information collected by the business
General Data Protection Regulation (GDPR)
Notification, consent and enforcement
- Under the GDPR mandates, a business within the EU (European Union) must ensure that data is not collected until notification is given and explicit consent is received. Inaction cannot be considered consent. In addition, a website visitor must be given the ability to change or revoke their consent
Unauthorized data collection
- A business is responsible for any data collection that occurs within its digital properties. Websites rely on third-party vendors to deliver critical functionality, but those vendors often invoke additional tags in a process called piggybacking. A business must be able to identify and block unauthorized data collection
Compliance audit and analysis
- Organizations must be able to prove compliance when audited by a Supervisory Authority (SA), which includes the ability to prove, with an event-level audit log, that consent was received for collected information
Solution: Full website compliance and data privacy capabilities
Organizations can face large fines under both regulations. Ensighten’s global website data privacy enforcement solution enables compliance in line with the CCPA/CPRA, GDPR and Nevada Law regulations:
- Global consent enforcement (GDPR)
- Data leakage prevention through unauthorized third-party vendors (CCPA/CPRA & GDPR)
- Full audit trail for consent, collection, sale and erasure (CCPA/CPRA & GDPR)
- Opt-out of data sale and collection (CCPA/CPRA & GDPR)