This information is provided for general information purposes only and does not constitute legal or other professional advice.
That's a good question, Ruby. Complying with privacy laws can be tricky, but they are designed to protect people from companies that may abuse private user data.
This is an important thing to understand. It's not just about which privacy laws apply to you based on where you are located; it's also very important to understand which laws apply to your visitors, since you must comply with those too.
Here are a few pointers to help you figure this out:
- If you're a local business catering to local customers (coffee shop, restaurant, plumber, etc.), you need to comply with your local privacy laws (city, state/provincial, federal).
- If you're an ecommerce business shipping internationally, you must comply with local and international (where your customers are located) privacy laws.
- If you're a blogger and write for anyone to read, you must comply with international laws. In most cases, you can't control who visits your blog, leaves a comment, subscribes to a newsletter, etc.
- If you're a blogger and you're writing for a local audience (local news, local reviews, etc.), you'll need to comply with your local privacy laws.
If none of them fit your situation, ask yourself "where do my visitors/users/customers live?" That will help you understand which privacy laws to comply with.
At ProjectArmy, we cater to an international audience. Since GDPR is the most comprehensive privacy law out there, complying with it ensures we also comply with most other privacy laws. That's why we extend GDPR protections and benefits to all our users. This simplifies our compliance, although it does add a bit more work.
Since I don't know what privacy laws you need to comply with, I'll give you general guidelines to help you be compliant with GDPR. That should cover other privacy laws too.
- Who is the owner of the website/business?
- What data do you collect?
- How is data collected?
- What is the legal basis for collecting this data? (GDPR requires it and others may ask about this too. For example, consent, necessary for your service, legal obligation, etc.)
- For which specific purposes are the data being collected? (For example, analytics, email marketing, order fulfillment, etc.)
- CCPA requires categories of sources from which you collect personal information.
- Which third parties have access to the information? (For example, Mailchimp, Google Analytics, etc.)
- Will any third parties collect data through widgets or integrations? (For example, social share buttons, Facebook login for comments, popups, etc.)
- If applicable, information about cross-border/overseas data transfer and what measures were put in place to ensure it's done safely and securely. (GDPR and AU APP laws require it.)
- What rights do users have? Can they see what data you have on them, change it, block it, delete it? (GDPR requires this.)
ProjectArmy is an Iubenda Certified Partner.