Data Privacy and Website Compliance

Comply with global data protection legislation such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the Nevada Privacy Law to enable data privacy and protection.

Data compliance and privacy are something that no organization can ignore: new and existing legislation is changing the way businesses collect, manage and use consumer data. Whilst the two main regulations (CCPA and GDPR) differ in their provisions, they share a common theme: consumers must be given the power to control what happens with their data.

Since GDPR launched in May 2018, we have seen multiple fines for lack of compliance, and CCPA is looking to set an example from its launch date of January 1, 2020. CCPA also states that an organization must show “it has some technology in place” to avoid fines and lawsuits.

California Consumer Privacy Act (CCPA)

Opt-out from sale of personal data

  • Organizations must provide consumers with a clear way to opt out of the business’s sale of the consumer’s personal information

Notice of data collection and purpose

  • Consumers must be given the right to information about the business’s collection, sale and other disclosure of the consumer’s personal information. This includes disclosure of the categories of personal information collected and transferred/sold (to whom information is sold, by category, for each third party) and the business purpose for disclosure

Access to data collected

  • Organizations must provide the right to access personal information collected. There must be a minimum of two methods to submit requests, and an organization must respond within 45 days

Right to erasure of personal data

  • Consumers have the right to erasure (to request deletion) of personal information collected by the business

Learn more about the CCPA and how Ensighten can help you comply.

General Data Protection Regulation (GDPR)

Notification, consent and enforcement

  • Under the GDPR mandates, a business within the EU (European Union) must ensure that data is not collected until notification is given and explicit consent is received. Inaction cannot be considered consent. In addition, a website visitor must be provided with the ability to change or revoke their consent

Unauthorized data collection

  • A business is responsible for any data collection that occurs within its digital properties. Websites rely on third-party vendors to deliver critical functionality, but often those vendors invoke additional tags in a process called piggybacking. A business must be able to identify and block unauthorized data collection

Compliance audit and analysis

  • Organizations must be able to prove compliance when audited by a Supervisory Authority (SA). This includes the ability to prove, through an event-level audit log, that consent was received for collected information

Learn more about the GDPR and how Ensighten can help you comply.

Solution: Full website compliance and data privacy capabilities

Organizations can face large fines under both regulations; you can learn more about the CCPA and GDPR and the implications of non-compliance. Ensighten’s global website data privacy enforcement solution enables compliance in line with the CCPA, GDPR and Nevada Privacy Law regulations:

  • Global consent enforcement (GDPR)
  • Prevention of data leakage through unauthorized third-party vendors (CCPA & GDPR)
  • Full audit trail for consent, collection, sale and erasure (CCPA & GDPR)
  • Opt-out of data sale and collection (CCPA & GDPR)

Comply with global data protection regulations

Get in contact to learn more about how Ensighten can enable full compliance in line with the CCPA and GDPR legislation.