Freelance writer and researcher at TermsFeed
Once you've collected a good portion of user data, you are no doubt planning your next steps for using the data to give your business a marketing boost.
Before you dive in, it's important to consider whether you've taken the appropriate legal steps to protect yourself and your business when you begin leveraging the data that you've collected from your users.
First, let's look at the types of data that you have probably collected.
First, what kind of data do you have?
All web pages (including landing pages) collect some data about your users, even if your page is click-through only. Some examples of the types of data that a landing page collects are:
- internet domain
- IP address
- when your website was accessed
- type of browser and operating system used
- pages visited
- what site the user came from
Web forms will also be collecting user data, and if you use something like Google Analytics, even more data will be gathered behind the scenes.
So, how can you comply with the law when you do this?
Steps to take
How to comply with the law
The UK and Europe are all party to what is called the EU Data Protection Directive 1995. This Directive set out seven principles of data collection:
- Notice: users should be given notice when their data is being collected
- Purpose: data should only be used for what you say you will use it for
- Consent: user data should not be shared without your users' consent
- Security: collected data should be kept secure
- Disclosure: users should be informed about who is collecting their data
- Access: users should be allowed to access their data and make corrections to any inaccurate data
- Accountability: users should have a method available to them to hold data collectors accountable for not following the above principles
The second aspect of complying with the law is making sure that your users are bound by your legal agreement.
The most common method that websites use to display their Privacy Policies is to include a link at the bottom of their landing page in small writing. Sometimes the link is even very low contrast, which makes it difficult to see.
Browsewrap means that your users need to browse your website to find the terms and be bound by them. Most courts have said that this is not enough.
To implement a clickwrap method, there are three main ways that you can do it.
Here's an example from Apple:
Here's an example from YouTube of what the checkbox might look like:
If you don't like the idea of using the checkbox, you can also use a statement alongside your "Submit" button:
Using the collected personal data
Most likely you are using the data you've collected to more effectively market to your customers, determine business strategy, and review results of campaigns or outreaches to particular groups.
To reach these aims, you may be building case studies, sharing graphs and charts with your teams, planning new customer approaches, or discussing marketing strategies with external companies. To do these things, however, you need to let your customers know what you are doing with their data, particularly if you are sharing their data with a third party.
To reduce the problems, including security problems, that may arise from using the data you collect, keep your web forms short and ask only for the data that you really need. Long web forms not only collect unnecessary data that you then have to store and protect, but they also turn your customers away.
The next thing to consider is how you will keep the user data secure.
Put security measures in place
When you are holding onto user data, you need to make sure that you are keeping it secure and protected from leaks. Losing the credit card data of your users could be devastating to your business image, and you may also face legal action.
There are two primary ways in which you can keep the data secure: technical security measures, and organizational security measures.
Technical Security Measures
One of the technical ways in which you can protect information is through SSL encryption. SSL (today implemented as TLS) encrypts the connection between your website and the user's browser, so the data a user submits is protected from eavesdropping in transit.
Make sure that you select the option to have SSL encryption turned on wherever possible.
Another way to protect user information is to make sure that your web forms do not allow code to be sent to your database through the form.
When you receive data through the form, make sure that anything that looks like it could be computer code is treated as plain text rather than as code by your server. That way it won't be run as code on your server and won't be able to take data from your database.
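The difference between a form value being parsed as code and being treated as plain text, shown as an added example that is not part of the original article: it uses Python's built-in `sqlite3` module, and the `signups` table, the function names and the sample form value are all constructed for illustration.

```python
import sqlite3

# Constructed form input: text that "looks like code" to a SQL parser.
FORM_VALUE = "nobody@example.test' OR '1'='1"


def make_db():
    """Build an in-memory database with two constructed sign-up records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE signups (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO signups (email) VALUES (?)",
        [("alice@example.test",), ("bob@example.test",)],
    )
    return db


def lookup_unsafe(db, email):
    """Weak handling: the form value is pasted into the SQL text itself,
    so the database parses whatever the user typed as part of the query."""
    sql = "SELECT email FROM signups WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, email):
    """Corrected handling: the value is bound to a ? placeholder and is
    sent separately from the SQL text, so it can only ever be data."""
    sql = "SELECT email FROM signups WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]


def store_safe(db, email):
    """Store a form value with a bound parameter and read it back unchanged."""
    cur = db.execute("INSERT INTO signups (email) VALUES (?)", (email,))
    row = db.execute(
        "SELECT email FROM signups WHERE id = ?", (cur.lastrowid,)
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    print("concatenated query returned:", lookup_unsafe(db, FORM_VALUE))
    print("parameterized query returned:", lookup_safe(db, FORM_VALUE))
    print("stored verbatim as text:", store_safe(db, FORM_VALUE))
```

With the concatenated query the submitted text changes what the query means and every stored address comes back; with the bound parameter the same text matches nothing and is stored character for character.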
Organizational Security Measures
The second way of protecting user data is by implementing "need to know" measures within your company.
The only people who should have access to user data are those who need to see it for their work. You can implement passwords and categories of user data through your CRM software to make sure that sensitive user data is protected.
Finally, keep data secure and ensure that it is used only for the purposes stated, and not shared with third parties who don't need to see it.