Data privacy compliance isn’t simple — and it can seem more complicated by the day, with new regulations and tighter restrictions being implemented. We understand the difficulties of keeping up with all the legal requirements that vary across the world, especially without a dedicated legal team in your organization.
If you don’t know how to start complying with data privacy and consumer protection laws, read this page first. We’ll walk you through why you need to be compliant, what laws you likely need to be aware of, and give you some options for achieving compliance.
If you want more in-depth information about various laws, legal policies, third-party compliance requirements, and more, check out our educational articles. And if you’re already using Termly tools, take a look at our support articles for information on installation, features, and more.
Why do I need to comply with data privacy laws?
Each data privacy law contains information about who needs to comply and under what circumstances. Requirements can vary — some laws have specific revenue thresholds, while others apply depending on how a business uses personal data.
For example, an American eCommerce company selling to EU customers would be required under the General Data Protection Regulation (GDPR) to display a privacy policy to inform their customers how their data will be processed and used by the company. Failure to do so could result in fines up to $20M euros or 4% of your annual turnover, depending on which is higher.
Complying with data privacy laws also helps build trust with both existing and potential customers. Studies have shown that customer concerns and reputational losses are closely tied to data privacy measures. Over the years consumers have grown increasingly concerned about data privacy and how their personal information is being used, tracked, and sold. They may not wish to do business with a website or app that cannot be transparent about their data collection and usage.
By choosing not to comply with applicable laws, you may be subject to these significant fines and reputational losses.
How to comply with privacy laws
Next steps
Termly was created to help small and medium-sized businesses achieve cost-effective compliance. We understand the complexities of running a business, and want to take the headache of compliance off of your plate.
Sign up today to begin your compliance journey. We’ll be here for you throughout the entire process, from policy creation to technical support. Try us for free to see how easy compliance can be.
Termly products
Termly offers policy generators and a full, GDPR-compliant cookie consent solution.
User consent is one of the most vital pieces of data privacy compliance today. If you run a business, website, or app, chances are you have to comply with laws that regulate cookie use and customer data.
Our comprehensive cookie consent solution lets you comply with laws like the GDPR, CCPA, ePrivacy Directive, and more. You’ll be able to:
Scan your site for cookies
Generator a compliant cookie policy to embed on your site
Build a customizable cookie banner
Embed a user preference center
Block cookies with our Auto Blocker
Log user consent
Embed a “Do Not Sell” link and a Data Subject Access Request form
Privacy policies are required for the majority of websites and apps. Not only do many data privacy laws mandate a privacy policy, but even app stores — like Google Play and Apple’s App store — and third-party tools can require that you publish a privacy policy before using their services.
Our privacy policy generator lets you build a customized and compliant policy without requiring legal knowledge. The generator will walk you through all the necessary questions and then generate the final text for you.
Terms and conditions — also known as Terms of Service and Terms of Use — aren’t always required by regulations. Instead, Terms and Conditions are designed to protect you and your business from inappropriate user behavior, outline rules for website or app use, and protect intellectual property rights. If you want to protect your business, Terms and Conditions are a good place to start.
A legal disclaimer is another useful tool to protect your website or business by addressing any legal liabilities and making it clear you will not be held responsible for any damages from using your website or the information on it.
You may have seen disclaimers on websites or blogs discussing health advice or legal advice, or those that rely on testimonials or user reviews. Disclaimers are useful for those websites and many more.
If you sell products, no matter what your business size, type, or platform, you likely need a return policy. A return policy protects your business, but also helps set expectations with your customers and avoid any conflicts.
A shipping policy is another critical tool for keeping customers happy and covering your own business’s shipping liabilities. Use a shipping policy to disclose shipping fees, restrictions, international shipping details, and more.
Laws and regulations you should know
Before you dive into the specifics of each law, you need to understand how data privacy regulations work. Data privacy and consumer protection laws often go beyond country borders and apply to any businesses that serve customers or visitors from the region — no matter where that business may be located.
We recommend reviewing each major law listed below, no matter what country your business is based in.
United States
California Consumer Privacy Act (CCPA)
The CCPA is a landmark data privacy law in the United States. It protects California residents’ privacy rights and gives them significant control over the use of their personal information.
California Online Privacy Protection Act (CalOPPA)
The CalOPPA applies if your website is accessible by any users in California. This law focuses on privacy policy requirements, including the information that must be included and where the privacy policy should be linked.
Virginia Consumer Data Protection Act (VCDPA)
The VCDPA is the second state data privacy law passed in the US. It won’t be enforced until 2023, but it gives Virginia residents rights similar to those in the CCPA.
Colorado Privacy Act (CPA)
The CPA, like the VCDPA, was passed in 2021. It’s also set to go into effect in 2023, and will also give similar rights to Colorado residents.
European Union
General Data Protection Regulation (GDPR)
The GDPR is one of the most well-known — and most restrictive — data privacy laws. It sets rules on how personal information is gathered, used, processed, and shared. It applies to any business that targets EU residents, no matter where the business is located.
ePrivacy Directive
Also known as the EU Cookie Law, this regulation set out to give EU users more control over the use of cookies, which store and recall information about users. Cookie information is considered personal data and is also regulated under several other laws.
United Kingdom
UK GDPR
Although the UK is no longer part of the EU, it still retained its own version of the GDPR. It currently contains similar restrictions to the EU GDPR, but may deviate over time as both laws evolve.
Canada
Personal Information Protection and Electronic Documents Act (PIPEDA)
This law regulates the use of personal data in Canada. PIPEDA is not as restrictive as the GDPR, but still gives Canadians protection over their personal data and holds businesses accountable for the use and safety of that data.