Privacy policy and branding

Website privacy policies may seem like a nuisance. So, a writer grabs a generic copy from the Internet, runs it by legal, and shazam, you have a privacy policy. But a privacy policy can affect perceptions of your brand and have a positive or negative impact on patients or medical device sales.

Why you should care

Unless you are using e-commerce, a relatively small percentage of your traffic will visit your privacy page. But more than half of them will be reassured to see that you have one at all. The visitors who are checking in more depth are likely people contemplating an action on your site that involves giving up personal information, e.g. signups for email, events, seminars, or purchases. These people are ripe for conversion, and we don't want to lose them!

Privacy counts with consumers

2 to 9% of your site visitors are checking out your stance on privacy. And they're questioning whether they can trust you enough to give up personal information to sign up for a newsletter or an event, or to donate money.

Is it unseemly to be this excited about privacy regulations? We plead guilty. Let us explain.

The European Union (EU) recently implemented its General Data Protection Regulation (GDPR), which replaces the Data Protection Directive of 1995. The GDPR is designed to create a uniform web privacy standard across the EU and ratchet up protections and privacy for consumers.

Healthcare companies marketing in Europe must comply.

The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across the European Union. Please note: if you target markets in the EU, non-compliance could make you vulnerable to harsh fines of up to 20 million euros or 4 percent of annual global turnover.

What's so special about the GDPR?

The GDPR tells consumers a) what you're doing with their personal information, b) how you're protecting it as it's stored, c) how long you keep it, and d) what applications or groups may have access to it. Most privacy policies do not cover all these topics.

You've noticed, no doubt, the windows that pop up on sites and ask you to click to agree to their cookie policy. This is part of GDPR. In your privacy policy, you'll explain what these cookies do, e.g. analytics, managing content, or keeping track of information about a visit.

Cloud applications like Salesforce and email vendors likely contain data that originated from your website. Many of these applications are already GDPR compliant, but double-check anything that touches personal information.

GDPR data storage requirements cover data at rest, in transit, and during processing. The Network and Information Systems (NIS) guides from the U.S. government outline its guidelines for data protection.