Your website is under constant attack from cybercriminals trying to steal personal data, and without data protection and privacy protocols in place you could be breaking the law and be held accountable.
Cybercrime is incredibly costly to individuals and businesses: its global cost was 8.44 trillion US Dollars (7.77 trillion euros) in 2022 and is projected to rise to 23.84 trillion US Dollars (21.96 trillion euros) in 2027.
Data source: statista.com
It’s therefore not surprising that countries worldwide are creating and enforcing data protection and privacy laws to safeguard individuals and businesses.
But before we can talk about the safeguards, we should first clarify what we mean by data protection and privacy and the impact on individuals and businesses when personal data falls into the wrong hands.
Data privacy relates to how information (or data) shared with a third party is managed and the necessary safeguards put in place to protect that data based on its relative importance.
Data held on individuals by businesses or organisations used to be locked away in filing cabinets.
Today that same data is held digitally, making it more easily accessible to those who need it but also more susceptible to being stolen by those wanting to sell it.
But why is personal data so valuable?
We are in the Information Age where selling data about individuals is hugely profitable and where companies like Google and Meta/Facebook can benefit from using personal data for targeting their online ads.
But acquiring information on individuals goes far beyond businesses making money.
The UK’s Information Commissioner’s Office (ICO) highlights the personal impact:
“…if personal data falls into the wrong hands, people could be harmed. Depending on the situation, they could become victims of identity theft, discrimination or even physical harm.” (ICO)
And it’s not just your company’s data but also your customers’ data that could be targeted.
As the website owner, you are responsible for the data protection and privacy of everyone (employees and customers) whose data you hold on your web server.
If you don’t put safeguards in place, you could be liable for any personal data that is stolen.
1. SSL Protection
SSL should be your first line of defence regarding web data protection and privacy.
SSL stands for Secure Sockets Layer. It uses data encryption to scramble content so that others cannot read or modify the information you share while it is transferred between two systems.
Data encryption takes place using an SSL Certificate.
This is a digital certificate which authenticates your website (i.e. proves that you are who you say you are) and contains a “public key” used to scramble data while it is in transit.
Any cybercriminals that try to access the data in transit will only see gibberish.
A private key, to which only you have access, is then used to unscramble the data.
If your web visitors can register personal details, including subscribing to receive newsletters or using a payment gateway, then implementing SSL on your website is critical.
However, as well as providing data protection and privacy, SSL also shows visitors that your website is trustworthy, gives them confidence that you are who you say you are, and improves your search engine page rankings.
2. Cookies Policy
It is highly likely you have already experienced the option to accept Cookies when browsing websites.
Whilst reading this article at some point you will have been asked to accept our own Cookies policy.
But what exactly are Cookies?
A Cookie is a small text file sent by the website you are visiting and stored in your web browser; it contains information about your browsing preferences for that particular website.
The original purpose was to improve your browsing experience.
However, with personal data being so valuable today, Cookies have become a key tool to collect information about your website visits and track what you browse.
Cookies Policy Inside the EU/UK
In May 2018, the General Data Protection Regulation (GDPR) was introduced as the new framework for data protection and privacy law within the European Union.
As part of this framework, cookies were classified as “personal data” and are therefore subject to the GDPR.
If you are found to be in breach of the GDPR, fines of up to 10 million euros or up to 2% of global turnover (whichever is higher) can be imposed.
Cookies Policy Outside the EU/UK
Whilst most countries have some form of data protection and privacy laws, the strength of those laws varies from country to country.
The US, for example, has very weak data protection and privacy laws compared with most other developed countries, and websites there essentially do not require a Cookies Policy.
However, countries like Canada, Mexico and Nigeria have much stricter data protection and privacy laws, though not as strict as the GDPR in the EU/UK.
Cookies Consent Banner
You also need to add a Cookies Consent Banner to your website for first-time visitors.
This lets the visitor see exactly what data you want to collect while they are on your website.
But beware: some Cookie Consent Banners purposely make it difficult to reject data collection (e.g. no visible deny/reject button) in order to push the visitor into accepting.
I would avoid using these as they don’t promote your website as being trustworthy.
The following should be clearly visible on any Cookie Consent Banner:
- Accept – This accepts the default data collection settings
- Deny – This stops any cookie from being used to collect your data
- View Preferences – This shows the visitor what the default data collection settings are and generally includes opt-out options that can be saved (e.g. opting out of marketing purposes)
Once a visitor has accepted or denied Cookies, the banner no longer reappears.
There is currently no law requiring you to force a renewal of Cookie consent at any time.
However, the ePrivacy Directive highly recommends that you should set up your banner to renew at least once a year.
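The consent logic behind a banner with the three controls above (Accept, Deny, View Preferences), including the yearly renewal the article recommends and gating of third-party tags such as analytics or ads on the stored decision. This is an added example, not code from the original article, written without a DOM so it runs in Node; the cookie name, the category names, the one-year lifetime and the cookie attributes are assumptions.

```javascript
// Added example (not from the original article). Cookie name, categories and the
// one-year renewal are assumptions; wire the functions to the banner's buttons.
const CONSENT_COOKIE = 'site_consent';          // assumed cookie name
const CATEGORIES = ['analytics', 'marketing'];  // assumed non-essential categories
const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000;  // renew consent at least yearly
// Map the three banner buttons to the categories the visitor grants.
function decisionFor(button, preferences = []) {
  if (button === 'accept') return CATEGORIES.slice();   // default collection settings
  if (button === 'deny') return [];                      // no tracking cookies at all
  if (button === 'preferences') return CATEGORIES.filter(c => preferences.includes(c));
  throw new Error('unknown banner action: ' + button);
}
// Parse a Cookie header / document.cookie string into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name) out[name] = decodeURIComponent(rest.join('='));
  }
  return out;
}
// Build the Set-Cookie value recording a decision. Deny is stored explicitly so the
// banner does not reappear; Secure + SameSite limit leakage, Max-Age forces renewal.
function buildConsentCookie(granted, nowMs) {
  const value = JSON.stringify({ ts: nowMs, granted });
  return `${CONSENT_COOKIE}=${encodeURIComponent(value)}; Max-Age=${ONE_YEAR_MS / 1000}` +
         '; Path=/; Secure; SameSite=Lax';
}
// The stored decision, or null when absent, malformed or older than one year.
function readConsent(cookieString, nowMs) {
  try {
    const c = JSON.parse(parseCookies(cookieString)[CONSENT_COOKIE]);
    if (typeof c.ts !== 'number' || !Array.isArray(c.granted)) return null;
    return nowMs - c.ts > ONE_YEAR_MS ? null : c;
  } catch {
    return null;   // missing cookie, bad encoding or bad JSON all mean "ask again"
  }
}
// Show the banner only to visitors with no valid decision on record.
function needsBanner(cookieString, nowMs) {
  return readConsent(cookieString, nowMs) === null;
}
// Gate a third-party tag (analytics, ads) on the category it belongs to.
function mayLoad(category, cookieString, nowMs) {
  const c = readConsent(cookieString, nowMs);
  return c !== null && c.granted.includes(category);
}
```

Non-essential cookies (session, CSRF token, the consent cookie itself) are not in CATEGORIES and are never gated by mayLoad.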
3. Privacy Policy
It used to be only the very large companies like Apple, Google and Meta/Facebook that needed to provide data protection and privacy policies, but things have changed over the last few years.
The reality is that any website that handles information about an individual needs to state clearly what data it collects about them and how it plans to use that data.
Just like Cookie Consent, data protection and privacy laws vary between countries.
It is likely you use third-party services to improve the user experience of your website, monitor and analyse user behaviour and maybe even display adverts.
Typical third-party services include:
- Google Analytics
- Google Adwords
- Google Web Fonts
4. Terms and Conditions
This is the foundation agreement, and a legally binding contract, governing the relationship between you and your users/customers. It should include:
- Company owner and contact details
- VAT No. (if applicable)
- Reference links to Privacy and Cookie policies
- Last updated date
Copyright and Intellectual Property Rights
Make it clear that you own your website data (e.g. content, logo, web design, graphics etc…) and that it is protected by international copyright laws.
Copying or reusing any content without permission is expressly prohibited.
Include a clause expressing that you cannot be held liable for any errors or inaccuracies in the content you have made available, or any impacts those errors or inaccuracies cause.
Set out the rules and guidelines on how you expect users to use your website, products and services, and state that you have the right to terminate the accounts and access of anyone who commits abuses.
Abuses could include offensive language, spamming, posting defamatory content, lewd content etc…
If you own a website, SSL is your first line of defence against cybercriminals.
If your website stores personal data on individuals, whether it is a single email address for subscribing to a blog or extensive contact and credit card details, it is your responsibility to store, manage and protect their information.
It is also your responsibility to inform users how their stored data will be used and to give them the ability to opt out of uses they don’t agree with.
Check the data protection and privacy laws in your country and take the necessary actions to protect people’s personal data.