Webflow, GDPR & CCPA

Sygnal's GDPR Approach

Published
May 28, 2023
We are not lawyers, and this is not legal advice. If you need current, accurate advice to base your decisions on, contact a lawyer who can provide that. Use of this information is entirely at your own risk.

Sygnal's perspective on how to best align our work with the GDPR and other privacy initiatives ( CCPA, CPRA, COPPA, HIPAA ... ) is continually evolving.

That said, here's my take on the impact of these changes, and how they affect my agency Sygnal and our clients.

Project Classifications

We use the 4 project zones mentioned previously as a guide to our project planning. On top of that, there may be industry-specific and market-specific requirements such as:

  • COPPA - a US body of law protecting any data captured from minors.
  • HIPAA - a US body of law protecting healthcare data.
  • Market-specific age-related restrictions on content access ( movie trailers, video game trailers, alcohol, etc. )

All of these together inform our strategy on each project.

Technical Approaches

Depending on the project's classification, the following areas are affected.

On the website itself:

  • Cookie consent. We like Finsweet's cookie consent.
  • Forms design. Specifically Webflow's guidance here.
  • Form data handling. We use Basin when possible, or other options when data-sovereignty laws are in place.
  • Privacy policy. Must be relevant to the concerns of the target market(s).
  • Delete my data policy. In some markets, we include specific details and process on how to have your data removed.

On back-end systems such as databases, mailing lists, CRMs, and automation:

  • Ensure data security.
  • Educate clients on their responsibilities.
  • Monitor, track, and report any privacy breaches. This is an unfortunate reality. If you store customer data in Salesforce and Salesforce reports a breach, in most countries you are responsible for reporting that breach to your potentially-affected end-users too.
  • Data removal processes. When a delete-my-data request comes in, there needs to be a timely process for verifying it and purging the needed data from all connected systems.

Our zone 4 project classification ( e.g. Germany ) is the most stringent, because it requires local hosting of all content, and local storage of all data.

We rarely accept client projects in this category, because the very laws that seek to keep and protect customer data within national borders make it unrealistic for us to build and support these systems from outside of those borders.
