Data privacy compliance isn’t simple — and it can seem more complicated by the day, with new regulations and tighter restrictions being implemented. We understand the difficulties of keeping up with all the legal requirements that vary across the world, especially without a dedicated legal team in your organization.
If you don’t know how to start complying with data privacy and consumer protection laws, read this page first. We’ll walk you through why you need to be compliant, what laws you likely need to be aware of, and give you some options for achieving compliance.
If you want more in-depth information about various laws, legal policies, third-party compliance requirements, and more, check out our educational articles. And if you’re already using Termly tools, take a look at our support articles for information on installation, features, and more.
Why do I need to comply with data privacy laws?
Each data privacy law contains information about who needs to comply and under what circumstances. Requirements can vary — some laws have specific revenue thresholds, while others apply depending on how a business uses personal data.
Complying with data privacy laws also helps build trust with both existing and potential customers. Studies have shown that customer concerns and reputational losses are closely tied to data privacy measures. Over the years consumers have grown increasingly concerned about data privacy and how their personal information is being used, tracked, and sold. They may not wish to do business with a website or app that cannot be transparent about their data collection and usage.
By choosing not to comply with applicable laws, you may be subject to these significant fines and reputational losses.
How to comply with privacy laws
Termly was created to help small and medium-sized businesses achieve cost-effective compliance. We understand the complexities of running a business, and want to take the headache of compliance off of your plate.
Sign up today to begin your compliance journey. We’ll be here for you throughout the entire process, from policy creation to technical support. Try us for free to see how easy compliance can be.
Termly offers policy generators and a full, GDPR-compliant cookie consent solution.
User consent is one of the most vital pieces of data privacy compliance today. If you run a business, website, or app, chances are you have to comply with laws that regulate cookie use and customer data.
Our comprehensive cookie consent solution lets you comply with laws like the GDPR, CCPA, ePrivacy Directive, and more. You’ll be able to:
Scan your site for cookies
Build a customizable cookie banner
Embed a user preference center
Block cookies with our Auto Blocker
Log user consent
Embed a “Do Not Sell” link and a Data Subject Access Request form
A legal disclaimer is another useful tool to protect your website or business by addressing any legal liabilities and making it clear you will not be held responsible for any damages from using your website or the information on it.
You may have seen disclaimers on websites or blogs discussing health advice or legal advice, or those that rely on testimonials or user reviews. Disclaimers are useful for those websites and many more.
If you sell products, no matter what your business size, type, or platform, you likely need a return policy. A return policy protects your business, but also helps set expectations with your customers and avoid any conflicts.
A shipping policy is another critical tool for keeping customers happy and covering your own business’s shipping liabilities. Use a shipping policy to disclose shipping fees, restrictions, international shipping details, and more.
Laws and regulations you should know
Before you dive into the specifics of each law, you need to understand how data privacy regulations work. Data privacy and consumer protection laws often go beyond country borders and apply to any businesses that serve customers or visitors from the region — no matter where that business may be located.
We recommend reviewing each major law listed below, no matter what country your business is based in.
California Consumer Privacy Act (CCPA)
The CCPA is a landmark data privacy law in the United States. It protects California residents’ privacy rights and gives them significant control over the use of their personal information.
California Online Privacy Protection Act (CalOPPA)
Virginia Consumer Data Protection Act (VCDPA)
The VCDPA is the second state data privacy law passed in the US. It won’t be enforced until 2023, but it gives Virginia residents rights similar to those in the CCPA.
Colorado Privacy Act (CPA)
The CPA, like the VCDPA, was passed in 2021. It’s also set to go into effect in 2023, and will also give similar rights to Colorado residents.
General Data Protection Regulation (GDPR)
The GDPR is one of the most well-known — and most restrictive — data privacy laws. It sets rules on how personal information is gathered, used, processed, and shared. It applies to any business that targets EU residents, no matter where the business is located.
Although the UK is no longer part of the EU, it still retained its own version of the GDPR. It currently contains similar restrictions to the EU GDPR, but may deviate over time as both laws evolve.
Personal Information Protection and Electronic Documents Act (PIPEDA)
This law regulates the use of personal data in Canada. PIPEDA is not as restrictive as the GDPR, but still gives Canadians protection over their personal data and holds businesses accountable for the use and safety of that data.