How can Web Narwhal help?
Web Narwhal can guide you in determining your legal obligations, as well as helping you outfit yourself with the appropriate tools and processes to meet them efficiently.
Typically, we perform a privacy audit, so as to know which requirements apply to you and to familiarize ourselves on what you may already have in place. We’ll then prepare a report for you, outlining our recommended actions, tools, and procedures. This will often include recommended tools such as Termly or Termageddon for preparation of privacy and cookie policies, as well as tools to provide you with the necessary anonymization, pseudonymization, or encryption functions.
There are various tools available to anonymize, pseudonymize, or encrypt the PII you gather. However, care must be taken when selecting the best tool to employ, as some such processes can severely limit the utility of the data for your analysis purposes.
We’ll also help you prepare a roadmap to guide your team through the day-to-day privacy compliance procedures. If your website is an ecommerce or membership site, this will be particularly critical, as you’ll be gathering and managing more PII than a simple informational website. It’s critical to have procedures in place which will help you prevent a breach and guide you through the necessary notification processes in the event of an exposure.
The foregoing is a simplified explanation, but covers the most important points.
Why is this important for your business?
Several countries have established their own versions of such privacy regulations, which apply whenever a user from a given country visits a website. Penalties can vary greatly, but in most instances, sanctions can be severe.
It’s important to understand that the deciding jurisdictional factor is where the user is located, not where the business resides. There are various reciprocal agreements in place between many countries that allow for legal enforcement actions to be enforced, regardless of the business’s country of residence. In other words, for example, if your company resides in Atlanta, GA, you are still responsible for protecting the privacy rights of a user in the European Union.
The authorities are very serious about enforcement of their privacy protection regulations, so don’t make the error of assuming you’re beyond their reach. That can be a costly mistake.
At Web Narwhal, we specialize in helping our clients with compliance issues. But each company’s issues can be different, so there’s no “standard” solution.
Because so many jurisdictions have adopted their own versions of privacy protection compliance regulations, it can currently be challenging to be compliant in all regions. At present, the safest approach may be to ensure your system is compliant with the most stringent regulations in the regions in which you offer access to your website, and ensure you haven’t missed any unique requirements.
Standardization of Criteria
As already mentioned, several jurisdictions have adopted their own standards, which while they may share many common characteristics, they may also have some significant differences. Because this can make it more complex for businesses to comply in all jurisdictions, there have been efforts to create a more “universal” regulation. In the U.S., for example, federal bills have been prepared, in order to overcome the radical differences between one state and another. This will likely be implemented at some point, but even then, companies which serve customers in various countries would still have to deal with different requirements. Hopefully, that will also be resolved at some point, with various countries accepting a consistent set of regulations.
Meanwhile, it’s important you understand your legal responsibilities and familiarize yourself with the available tools to help ensure your business is compliant. We can help you set up your website with the appropriate tools and safeguards, but you’ll still have to know how to follow through on a day-to-day basis.
Other considerations
The myriad facets of compliance with the privacy acts of various jurisdictions, such as the EU’s GDPR (General Data Protection Regulation), California’s CCPA (California Consumer Privacy Act), Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act) and the various U.S. states with in-force or upcoming acts of their own – can seem intimidating. But at its simplest, the GDPR (presently the most stringent) is really nothing more than a blend of common sense and common decency, managed by policies and procedures to ensure consistent compliance.
Depending upon the nature of a company’s business, the extent to which it will gather and process private information and, of course, the company’s (and any 3rd party processor’s) location, compliance can range from relatively simple and straightforward to a substantial addition to the company’s infrastructure.
At first exposure to the regulations, it may seem that your company’s compliance efforts could require a major investment of time and resources. However, for most small to medium-sized businesses, the undertaking isn’t really that imposing or costly. The key is to know precisely which requirements really apply to your business. Web Narwhal can help you determine what will best serve your business’s interests.
Web Narwhal is intently focused on helping small to medium businesses structure their privacy compliance efforts in the most cost-effective fashion possible, implementing a system that’s sustainable without being unnecessarily cumbersome. Contact us today to discuss how we can help you over any privacy protection hurdles you face.
If you prefer to make your own informed decisions, rather than depend upon others to tell you what you need to do… Bravo! We’re always pleased to see site owners take the initiative to learn how to be more successful. But we’re always here to help you in the process.
Additional Information on Privacy Compliance
To make it easier for you to find what you’re looking for, we've provided a page with links to the privacy standards of various jurisdictions:
https://webnarwhal.com/privacy-resources
Disclaimer: We are not attorneys, so our assessment and remediation advice is based upon our good-faith understanding of the various privacy regulations and the stance of the attendant regulatory jurisdictions, in terms of compliance and enforcement. If you have questions that require specific legal interpretations, you should consult an attorney who specializes in privacy issues and compliance with any applicable privacy regulations in specific jurisdictions.
