Ensighten Data Privacy, Website Compliance, and Consent Management
Enabling website compliance and data leakage prevention in line with global data privacy legislation including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA) and the General Data Protection Regulation (GDPR)
Data to protect. Fines if you don’t.
Add to all this that today’s websites use, on average, 60 external libraries and services, and in most cases user data is constantly exchanged with them.
These libraries and services are developed, maintained, and even hosted by different organizations and sometimes in other countries where privacy laws do not apply.
A daunting compliance challenge.
If your organization has no control over the practices, procedures, and code functionality of these third-party services, you are ultimately liable, in the form of compliance violation fines, should data be disclosed when a user has requested that it not be.
Privacy regulations, such as the CCPA and GDPR, have given consumers rigorous control over how organizations use their data, often affording them the ability to opt out of certain types of collection. While your organization may have implemented compliance workflows within online properties, such solutions often cannot enforce the choices users make, leaving the business open to litigation.
With the CCPA in enforcement and hefty GDPR penalties being applied, your business is even more at risk of non-compliance. Because today’s websites are rich, immersive and therefore complex, a lack of enforcement throughout the website supply chain often results in exposed data.
Contact Ensighten. We can help ensure global compliance regulations are adhered to within your websites and their entire supply chains.
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Opt-out from sale of personal data
- Organizations must provide consumers with a clear way to opt out of the business’s sale of the consumer’s personal information
Notice of data collection and purpose
- Consumers must be given the right to information about the business’s collection, sale and other disclosure of the consumer’s personal information. This includes disclosure of the categories of personal information collected and transferred/sold (to whom information is sold, by category, for each third party) and the business purpose for disclosure
Access to data collected
- Organizations must provide the right to access personal information collected. There must be a minimum of two methods to submit requests, and an organization must respond within 45 days
Right to erasure of personal data
- Right to erasure/request deletion of personal information collected by the business
General Data Protection Regulation (GDPR)
Notification, consent and enforcement
- Under GDPR mandates, a business within the European Union (EU) must enforce that data is not collected until notification is given and explicit consent is received. Inaction cannot be considered consent. In addition, a website visitor must be provided with the ability to change or revoke their consent
Unauthorized data collection
- A business is responsible for any data collection that occurs within its digital properties. Websites rely on third-party vendors to deliver critical functionality, but often those vendors invoke additional tags in a process called piggybacking. A business must be able to identify and block unauthorized data collection
Compliance audit and analysis
- Organizations must be able to prove compliance when audited by a Supervisory Authority (SA), which includes the ability to prove, with an event-level audit log, that consent was received for collected information
Solution: Full website compliance and data privacy capabilities
Organizations can face large fines under both regulations. Ensighten’s global website data privacy enforcement solution enables compliance in line with the CCPA/CPRA, GDPR and Nevada Law regulations:
- Global consent enforcement (GDPR)
- Data leakage prevention through unauthorized third-party vendors (CCPA/CPRA & GDPR)
- Full audit trail for consent, collection, sale and erasure (CCPA/CPRA & GDPR)
- Opt-out of data sale and collection (CCPA/CPRA & GDPR)
Protect your website from Magecart and data leakage
If you are collecting sensitive customer data but do not have specific website security controls in place, your business is vulnerable to data leakage. With increasingly tight regulations surrounding customer data security systems, digital security should be a priority for every organization. Get in contact to learn more about how Ensighten can protect your website from a data breach.