← All posts
Small BusinessDecember 29, 2025· 5 min read
Privacy and your website: PIPEDA, GDPR, and CCPA basics
The moment your website collects information — a contact form, analytics, a newsletter — privacy law is in play. You don't need to be a lawyer, but you should know the basics. (This is general information, not legal advice — confirm specifics with counsel.)
The big frameworks
- PIPEDA — Canada's federal privacy law for commercial activity.
- GDPR — the EU's strict rules, which apply if you have EU visitors.
- CCPA/CPRA — California's privacy laws.
Sensible baseline steps
- Have a clear, accurate privacy policy.
- Get consent before non-essential cookies/analytics.
- Collect only what you need and keep it secure.
- Let people ask what you hold and request deletion.
Getting these basics right protects your customers and your business — and a privacy-first setup is simply good practice.