Privacy for you & your users

Here’s the second half of our posts in honour of Data Privacy Day (which is today!). We’re giving you some advice and pointers on how you can improve:

1. Privacy for your users
2. Privacy for yourself

Read the other half here.

Data privacy for your users

It’s surprising how many people are still unaware of their obligations around cookies, consent policies, data retention and storage.

Cookies

First and foremost, if you are running a website, chances are you have cookies running in one form or another, the most common being Google Analytics and Facebook. This is absolutely fine, but you must give your users the option to opt out of being tracked.

This can be achieved on WordPress, for example, by using a cookie consent plugin, which will generate a cookie banner with full controls for your visitors. We recommend Complianz (link here). It has an easy-to-follow wizard that asks you questions and collects information from you, then builds out a cookie policy and consent popup. This really is the most straightforward and hassle-free way to meet your legal obligations.

Data retention 

Like all businesses, you’re probably holding on to countless emails, phone numbers, addresses and general contact and identifying information on people you’ve met and done business with. What you should ask yourself is, why are you holding onto more information than necessary? The more you hold onto, the more you have to lose if something goes wrong. 

You must regularly review your CRM, contact form on your website, emails, and correspondence with a view to clearing out any details that are no longer relevant to you or the business. By all means hold onto names and email addresses, but ditch those addresses, birth dates, phone numbers, and any other obscure information you might have. You don’t need them. If in the future you do, you can make contact again requesting that information, explaining you destroyed it in the interests of their security and privacy. 

We never hold onto any sensitive information after its purpose has been served. We regularly log in to people’s sites to review them and make tweaks as a one-off. Once we’re done, we destroy those login details to ensure they can’t fall into the wrong hands. Any details we do hold onto are held inside a secure password manager. No dodgy spreadsheets over here!

Data location

Did you know that those of us in the UK are still bound by GDPR legislation? One important aspect of GDPR is that data on individuals within the EU has to be held within the EU or in a country that the European Commission has approved to store data. As it currently stands, no decision has been made on whether the UK gets approval to store European user data. But we did copy GDPR into UK law when we left the European Union, so there is a case to be made that you’re safe at the moment just hosting in the UK. If you’re particularly worried about your obligations here and how they might change, it’s best to host your website or cloud application database within the UK or the EU (if you have EU customers/users).

Data privacy for yourself

Finally, here are a couple of tips to help ensure your own data privacy when browsing the web.

Firstly, don’t share your location. Sharing your location, coupled with blindly agreeing to cookie policies, means it’s more than likely your browsing habits are being linked to you directly. This means more extreme targeted ads, and your data being more valuable in a data breach. 

Don’t auto-agree to cookies. Seriously, have you seen the number of cookies some websites are using these days? Not just the necessary ones, or the ones to help them improve their business. You’d be astounded if you stopped and read some of the policies out there. Consider taking the extra couple of minutes to search for a “reject all” or “only necessary cookies” option. This will cut down the amount of information being collected on you.

By now you’ve almost certainly encountered virtual private networks (VPNs), plastered across YouTube and advertising spots on websites; it’s hard to escape the advert bombardments. They are, however, a fantastic tool for masking your location, making it more difficult to track your browsing habits. Simply put, a VPN will allow you to pick a country to route your connection through. If you’re sitting in the UK and don’t want your location tracked, load up your VPN, pick a country such as Germany and click connect. Once your connection is established, all your traffic will be securely routed through a server in Germany. This will render tracking cookies almost useless.

If you want improved location privacy when browsing the web, a VPN is the perfect solution. They vary in service offering and price so it’s worth having a search around one afternoon to compare a few.