In 2011, Mark Zuckerberg made a statement that "privacy is dead". It is clear that in today's world, we are all connected in the digital realm and communication is predominantly online, leading to a shift in paradigms around personal data and privacy. To ensure individuals can feel confident about who has access to their data and how it is being used, the European Parliament has stepped in by regulating the matter through the General Data Protection Regulation (GDPR) and mandating privacy policies for websites.
Tracking data and analyzing it to assess business performance is a prerequisite for digital marketers: it is the best way to structure an effective strategy, reaching the user at every stage of the funnel with timely and personalized communications. However, the inestimable value of data comes with responsibilities: it must be handled in compliance with GDPR and privacy policy, protecting third parties who surf the web.
GDPR and privacy policy: what are the obligations?
Given the ever-increasing number of users surfing the web in search of information, European and Italian legislators have given special attention to the collection and processing of data related to user behavior. The GDPR (General Data Protection Regulation), aims precisely at safeguarding the personal and sensitive data of users, stipulating among other requirements the obligation for any site that collects user data to draft and provide interested parties with an appropriate privacy policy.
The privacy policy is a document within the website that precisely explains to users that their personal data will be tracked, and how it will be used. In fact, according to the GDPR, tracking is only possible after the data subject has been properly informed. This is not standard, pre-filled documentation: it must be timely and tailored to the use the specific company will make of the data collected. According to the regulations, the statement must be as detailed as possible to make users aware of the precise manner in which the data will be used, allowing them to give explicit and informed consent. Specifically, a privacy policy must contain:
- The details (identity and contact information) of the data controller or data processor, such as the owner of the website
- The third parties that will have access to personal data (e.g., social media, marketing agencies, Google, etc.)
- The type of data collected (ex: first name, last name, email, etc.)
- The purpose for which the data is collected
- The rights of users
The Privacy Authority is the body in charge of monitoring that privacy rules are being respected, and can also receive notices of violations from the users themselves, as well as react accordingly to any reports from the Guardia di Finanza's routine checks. To date, any site that does not have a privacy policy can be subject to very expensive penalties, ranging from a minimum of €3,000, to a maximum of €50,000.
How to comply with the GDPR thanks to Iubenda
Iubenda is the ideal solution for all website owners who need to comply with GDPR and privacy regulations in general.
It is a platform that serves more than 80,000 customers in more than 100 countries, making sites and applications compliant with the law by structuring ad hoc documentation tailored to the company, language and legislation in place, updating it remotely and automatically on time thanks to an international legal team.
The great success of Iubenda and the enormous contribution it makes to website owners is precisely a direct result of the constant optimization of privacy policies and a system that brings technology and automation together with what is most human in this world: the law.
Starting with a standard entry suitable for all activities, with Iubenda it is possible to add other entries based on the specific tracking and data use needs of the site in question. In fact, it adapts to a wide variety of needs, offering services of:
- Privacy and Cookie Policy Generator: the automation of Iubenda creates privacy and cookie policies for websites in minutes, customizable with 1500 clauses in 8 languages
- Cookie Solution: consent preference management service in accordance with the ePrivacy Directive, GDPR and CCPA, through the generation of a fully customizable cookie banner for consent collection
- Terms and Conditions Generator: with over 100 pre-configured clauses, Iubenda offers a fully customizable service, perfect for any kind of web portal
- Consent Solution: tool to adapt forms to GDPR and CCPA
Internal Privacy Management: one of the most popular systems on the Italian web to keep track of all data processing activities internally within the company
For us at Ander Group, protecting user privacy is a fundamental aspect, but the ability to track and analyze browsing data is also essential. We believe that, with the advice of qualified professionals, it is possible to protect users' personal information without compromising the collection of useful information for companies to optimize their digital strategies.
We are therefore happy to collaborate with Iubenda, to provide our clients with privacy policies that are always up-to-date and in line with the latest regulations. Partnering with Iubenda allows us to guarantee our clients maximum privacy protection, while maintaining a high level of efficiency in collecting data for analysis and optimization purposes.
Want to make sure you have a privacy policy that complies with the law?