Wait. What is data privacy?
Data privacy relates to how a piece of information—or data—should be handled based on its relative importance. For instance, you likely wouldn’t mind sharing your name with a stranger in the process of introducing yourself, but there’s other information you wouldn’t share, at least not until you become more acquainted with that person. Open a new bank account, though, and you’ll probably be asked to share a tremendous amount of personal information, well beyond your name. In the digital age, we typically apply the concept of data privacy to critical personal information, also known as personally identifiable information (PII) and personal health information (PHI). This can include Social Security numbers, health and medical records, financial data, including bank account and credit card numbers, and even basic, but still sensitive, information, such as full names, addresses and birthdates. For a business, data privacy goes beyond the PII of its employees and customers. It also includes the information that helps the company operate, whether it’s proprietary research and development data or financial information that shows how it’s spending and investing its money.
Why is Data Privacy Important?
Here are two drivers for why data privacy is one of the most significant issues in our industry. First, data is one of the most important assets a company has. With the rise of the data economy, companies find enormous value in collecting, sharing and using data. Companies such as Google, Facebook, and Amazon have all built empires atop the data economy. Transparency in how businesses request consent, abide by their privacy policies, and manage the data that they’ve collected is vital to building trust and accountability with customers and partners who expect privacy. Many companies have learned the importance of privacy the hard way, through highly publicized privacy fails. Second, privacy is the right of an individual to be free from uninvited surveillance. To safely exist in one’s space and freely express one’s opinions behind closed doors is critical to living in a democratic society. “Privacy forms the basis of our freedom. You have to have moments of reserve, reflection, intimacy, and solitude,” says Dr. Ann Cavoukian, former Information & Privacy Commissioner of Ontario, Canada.
Data Privacy vs. Data Security
Organizations commonly believe that keeping sensitive data secure from hackers means they’re automatically compliant with data privacy regulations. This is not the case. The terms data security and data privacy are often used interchangeably, but there are distinct differences: data security protects data from compromise by external attackers and malicious insiders, while data privacy governs how data is collected, shared and used. Consider a scenario where you’ve gone to great lengths to secure personally identifiable information (PII). The data is encrypted, access is restricted, and multiple overlapping monitoring systems are in place. However, if that PII was collected without proper consent, you could be violating a data privacy regulation even though the data is secure.
GDPR data privacy
CCPA data privacy
California is the physical frontier of America, where the continent plunges into the Pacific. With the California Consumer Privacy Act (CCPA), it is now also the frontier of data privacy law in the US. In this article, we take a close look at the CCPA.
CCPA compliance with Cookiebot
Cookiebot is a tool that automatically scans your website, finds all cookies and similar tracking technology, and then enables compliance with both the CCPA and the EU's GDPR. Cookies (especially those from third parties embedded through plugins) can harvest personal information such as names, physical addresses, IP addresses and location data, but also sensitive personal data such as religious convictions, political opinions and/or sexual orientation. The CCPA requires that businesses enable California residents to opt out of having their personal information sold to third parties, and that they disclose what data has already been collected and delete it if consumers request it. Cookiebot enables compliance with the CCPA with a specific configuration that detects whether a user is from California, and then displays the required Do Not Sell My Personal Information link on the website's cookie declaration.
How to protect my personal data?
At home, use a mail slot or locking mailbox, so that thieves can’t steal your mail. Before discarding, shred documents, including receipts and bank and credit card statements, that contain personal information. Make sure to secure your home Wi-Fi network and other devices so that criminals can’t “eavesdrop” on your online activity. Don’t automatically provide your Social Security number just because someone asks for it. Determine if they really need it and, if so, ask how they’ll help protect it. Use strong, unique passwords for all of your online accounts.
What is the right to object?
You have the right to object to an organisation processing (using) your personal data at any time. This effectively means that you can stop or prevent the organisation from using your data. However, it only applies in certain circumstances, and they may not need to stop if the organisation can give strong and legitimate reasons to continue using your data.
What is the right to get your data deleted?
The right to get your data deleted is also known as the ‘right to erasure’. You can ask an organisation that holds data about you to delete that data. In some circumstances, they must then do so. You may sometimes hear this called the ‘right to be forgotten’.
When can the organisation say no?
The organisation can refuse to erase your data in the following circumstances: When keeping your data is necessary for reasons of freedom of expression and information (this includes journalism and academic, artistic and literary purposes). When the organisation is legally obliged to keep hold of your data. When the organisation is carrying out a task in the public interest or when exercising their official authority. When keeping your data is necessary for establishing, exercising or defending legal claims. When erasing your data would prejudice scientific or historical research, or archiving that is in the public interest. Also, the right to erasure does not apply to special category data in the following circumstances: When keeping hold of your data is necessary for reasons of public health. When keeping your data is necessary for the purposes of preventative or occupational medicine. This only applies if the data is being used by or under the responsibility of a professional who is under a legal obligation of professional secrecy, such as a health professional.
Delete Data Request
Would you like us to delete all of your data from our servers? Let us know, you are one click away. Follow these steps: https://getdatacare.com/deletedatarequest
What must the organisation do?
If your objection is successful, the organisation must stop or not begin processing your personal data for that use. However, they may still be able to legitimately continue using your data for other purposes. If you have objected to the organisation using your personal data for direct marketing then they must stop using your data for these purposes.
How long should the organisation take?
The organisation has one month to respond to your objection. In certain circumstances it may need extra time to consider your case and can take up to an extra two months. If it is going to do this, it should let you know within one month that it needs more time and why.
What to do if the organisation does not respond or you are dissatisfied with the outcome
If you are unhappy with how the organisation has handled your request, you should first raise a concern with them and give them the opportunity to resolve the matter. Having done so, if you remain dissatisfied you can make a complaint to the ICO. You can also seek to enforce your rights through the courts. If you decide to do this, we strongly advise you to seek independent legal advice first.