In a virtual environment, where web content addresses a global public, webmasters and others owning or running a website must consider various privacy and data protection rules. The European single market and the European Economic Area set up a comprehensive regulatory framework for the protection and regulation of personal data, named the General Data Protection Regulation (GDPR). The regulation has direct effect, which means that European member states are obliged to implement the framework and that remedies, liabilities, and penalties are predefined and final. The other substantial market for internet activity is the United States. Even though there is no US-based legislation for data protection, the Federal Trade Commission protects consumers against data breaches. Also, the right of privacy is laid down in several other codes, acts and rules.
Data protection rules apply to every legal entity, professional organization, or even website that deals with personal data of individuals. The rules designate controllers and processors of personal data and provide them with an enforceable set of measures for compliance and protection. As such, web traffic that is subject to tracking cookies to improve user experience, information needed for login and registration purposes, and even a simple contact form are covered under data protection rules. Under the European GDPR, personal or household activities, law enforcement, and matters of national security are exempt from applicability.
Business planning for an online business includes, among other things, compliance with mandatory global rules. Data protection and privacy are of paramount importance to individuals. Legislation, regulation and codes of conduct give individuals control over their personal data. They allow individuals to request rectification and erasure of their personal data and provide them with a framework to report data breaches and take civil action.
From the perspective that avoiding legal challenges is always better than being reprimanded and potentially put out of business, several opportunities for compliance are available. Controllers and processors need to explain to data subjects what they intend to do with the information they gather, as well as put in place systems to store and protect this data. Mandatory storage and protection of personal data is subject to regulatory control. Inconsistencies and breaches can be punished with remedies and penalties and may impose a liability. This liability in turn may trigger compensation for victims of a data breach. Alongside regulatory fines, material and non-material damage resulting from an infringement leads to the aforementioned civil compensation.
As an example of how this website deals with privacy and data regulation, visitors may visit our GDPR and Privacy statement. Alongside the statement, compliance must be demonstrated to a regulator or supervisory authority upon request.