The GDPR stands for the General Data Protection Regulation. Because it is a regulation rather than a directive, it is effectively a law in every European Union country. GDPR came into effect in 2018 and replaced the previous privacy directive from 1995. This change is significant because, before GDPR, different countries in the EU had various privacy regulations.

Disclaimer: information on this website does not constitute a legal advice.

The GDPR safeguards the personal and sensitive data of anyone in the EU territory. It is important to note that the GDPR goes beyond protecting EU citizens.

Each European Union country has a data protection authority that interprets and enforces GDPR in the given country. For example, there is Commission Nationale de l’Informatique et des Libertés (CNIL) in France, Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) in Germany, and Datatilsynet in Denmark, etc.

As a citizen or a resident of these countries, you can file complaints against individuals, companies, and institutions violating your GDPR rights with your local data protection authority.

In the post-Brexit era, the United Kingdom adopted its version of the GDPR, the UK GDPR. Thanks to adopting a regulation compatible with GDPR, the UK has upheld its GDPR adequacy status. Therefore, for all purposes, the UK can be treated as if it were applying the same level of protection as GDPR (see the Privacy and Electronic Communications Regulations for more details). But as the UK is no longer bound by EU law, it can change and amend UK GDPR in the future. Monitoring compliance level in the future is essential.

Disclaimer: information on this website does not constitute a legal advice.

Compliance with GDPR is a vast and complicated subject. But if we distil it to its core principles, we can attempt to summarise it in the following manner:

• Do not store any personal data without the explicit consent of the user.
• If you store or process data as the Data Processor, document every processing activity and make the process transparent.
• Adhere to the most stringent security standards. The GDPR obligates the data processor to secure its entrusted data.
• Minimise data collection to only what was agreed on and is necessary.
• Collect only essential information if you do not consent and do not attempt to store personal data.
• Document your processes and ensure there is a qualified Data Processing Officer role that can support any requests from data subjects.
• Be extra vigilant with data transfer to Third Countries and ensure additional security measures are adequate.

This list goes beyond providing cookieless web analytics, as you can see.

A GDPR-compliant web analytics provider, such as Wide Angle Analytics. Wide Angle Analytics acts as a responsible Data Processor, documents all the processes, assures data security and resiliency, provides a transparent data retention scheme and offers a redress mechanism in the form of skilled and qualified contact. It avoids transferring data to countries that cannot ensure adequate data safety.

Disclaimer: information on this website does not constitute a legal advice.

The CCPA refers to the California Consumer Privacy Act, which was enacted at the beginning of 2020. This law applies to every business that processes the personal data of California residents. The CCPA covers personal data such as name, address, email address, social security number, geolocation data, fingerprints, browsing history and record purchased goods.

The CCPA is a unique privacy protection law that does not apply to all states. However, with the dominant nature of the tech industry, which operates mainly from the state of California, it is often referred to as de facto US privacy regulation.

Disclaimer: information on this website does not constitute a legal advice.

There are many differences between the GDPR and the CCPA, but if we were to distil these into essentials, these would be:

• CCPA applies to businesses only, whereas GDPR applies to everyone processing the personal data of EU residents. Moreover, the threshold for a company to be under CCPA is relatively high: annual revenue above $25 million, processing more than 50k residents' data, or at least 50% of revenue is generated from selling the personal information of the California residents.
• Another significant difference is the approach to opt-in and opt-out. The GDPR requires explicit opt-in for anyone to process the personal data of the people it protects. Meanwhile, CCPA forces the creation of a mechanism to opt out.

The GDPR is a much more far-reaching regulation than the CCPA.

Disclaimer: information on this website does not constitute a legal advice.

The PECR stands for Privacy and Electronic Communications Regulations. This UK regulation accompanies the Data Protection Act and the UK GDPR. The PECR regulates such things as marketing emails, calls, and texts. The PECR has its origin back in 2003 and has been amended since then. It is important to note that while there is significant overlap with UK GDPR, satisfying one does not automatically comply with the other.

Disclaimer: information on this website does not constitute a legal advice.

The key difference between the PECR and the UK GDPR is that PECR applies even if you are not processing personal data. This means that many of the PECR rules apply even if the person or individual cannot be uniquely identified.

Disclaimer: information on this website does not constitute a legal advice.

Before the GDPR and the CCPA, many privacy rules were applied in the form of directives or were otherwise missing. That meant it was simple for technology vendors to acquire, gather, or even buy and send users' data and void broader scrutiny. The rules governing personal processing data were fragmented across jurisdictions, and with the explosive growth of the Internet, numerous protections in place proved not on par with technological progress.

The GDPR in Europe and the CCPA in the US changed everything. While enforcement is delegated to state-based authorities, the rules are standard. And more importantly, these rules permeate across borders much more straightforwardly.

Failure to adhere to these regulations can result in huge fines and risk tarnishing a business's reputation.

The Children's Online Privacy Protection Rule, COPPA, is the US data protection rule that aims to protect kids' data.

The COPPA rules apply differently to websites, depending on whether they target children under 13 years old. Whether the website targets kids and aims at those under 13 years old can be ambiguous.

But to generalize, the rules are:

• Provide a clear and comprehensive privacy policy.
• Make an effort to notify parents of Personal Information collection and about changes to such a collection.
• Obtain parental consent to collect Personal Information.
• Provide means for parental review of collected Personal Information.
• Protect the confidentiality and security of collected Personal Information.
• Retain collected data only as long as necessary to fulfil the purpose these were collected.

Disclaimer: information on this website does not constitute a legal advice.

Wide Angle Analytics does not store any Personal Information by default. Hence, even without consent, no PI of minors are being collected.

Furthermore, should you gather consent and store Personal Information as part of your tracking events, we provide you with full documentation about security and data governance. The data is transmitted and stored encrypted.

No data collected is shared with third parties and can data be deleted on request.

Disclaimer: information on this website does not constitute a legal advice.