Standards Compliance
A well-conceived website recognizes both required AND voluntary standards designed to protect privacy and support universal availability of content for the benefit of all users. Our Website-as-a-Service (WaaS) platform is built to support these standards, and our web development team follows existing and emerging standards to update our client’s platform as the need arises.
General Data Protection Regulation
General Data Protection Regulation (GDPR) is a significant and evolving component of European Union (EU) privacy law (Article 8 of the Charter of Fundamental Rights of the European Union). GDPR is intended to protect personal data for website/webstore users residing in EU member states.
The EU’s objective is to provide more visibility and control over personal data shared by EU residents with online platforms. At a basic level, GDPR regulates how web-based properties collect and share personal information, and what tracking technologies are used to monitor their online activities. Although enforcement issues exist, U.S.-based manufacturers selling into European markets are technically required to comply.
Key Requirements:
- Consumers (data subjects) are empowered under GDPR to request a copy of any and all personal information collected while interacting with online platforms.
- Organizations conducting business in the EU are obligated to respond to such inquiries.
- A Privacy Statement must be provided outlining how/why data is collected, how long it is retained and who will have access to it.
- Consent must be offered (and granted) before personal data is collected.
- Organizations must comply with requests to correct and/or remove personal data.
- Organizations must notify customers if their personal data is stolen.
- All of the above must be done in a timely manner.
Our ProjexTeam™ platform leverages GDPR compliance tools embedded in the WooCommerce codebase to enable full compliance with current regulations.
System and Organization Controls
GDPR and System and Organization Controls (SOC 2) standards both strive to protect user data. Organizations based in the U.S. must carefully assess the scope of their operations and the nature of the data they collect online to determine whether GDPR, SOC 2 or both are applicable.
In Summary
GDPR provides a legal framework for any organization located in — or conducting business with — European entities. The goal is to safeguard sensitive information, particularly personal information, by establishing clear regulatory requirements for data collection, use and storage.
SOC 2 is a voluntary standard, developed by the American Institute of Certified Public Accountants (AICPA) to provide best-practice guidance for U.S.-based entities that process, store or transmit customer data online. GDPR requires organizations to obtain consent from EU citizens for the collection, transmission, use and storage of their data, while SOC 2 does not.
While GDPR and SOC 2 share the goal of safeguarding data, they overlap in some respects and differ in others:
- GDPR and SOC 2 both address data processing integrity, confidentiality and privacy.
- Both standards can have a significant impact on end-user trust and reputation management.
- GDPR compliance is mandatory: Non-compliance can result in large fines, generally based on a company’s global annual revenue.
- SOC 2 is a voluntary standard, based on generally accepted privacy principles.