Go Online Now-Connect – Privacy Laws and Regulation
Privacy laws govern how personally identifiable information (PII), personal healthcare data, and financial information are collected, stored, and used by governments, organizations, or individuals. These laws can vary by country, region, or state but they often share common principles around rights, obligations, and enforcement.
If your business collects, stores, or uses information covered by privacy regulations, you are legally required to follow certain steps based on the geographic location of the individuals whose data you’re handling. For example:
- If you collect data from a customer in the European Union, you must comply with the General Data Protection Regulation (GDPR).
- If your customer is in California, USA, and your business is subject to it, then you must comply with the California Consumer Privacy Act (CCPA).
Privacy regulations are constantly evolving, which is why it’s essential to stay informed and take proactive steps to remain compliant.
How to Use This Guide
Let’s face it privacy laws are complex and ever-changing. That’s why Go Online Now-Connect aims to support our users in navigating these requirements with clarity and ease. While we design our platform to assist in compliance, it’s ultimately up to you as the user and data controller to ensure your business complies with the laws that apply to your data practices.
This guide is not an exhaustive explanation of all privacy laws and regulations. Instead, it’s a resource to help you use Go Online Now-Connect in a way that aligns with compliance expectations.
Disclaimer: Go Online Now-Connect is not a licensed legal advisor and does not provide legal advice. Please consult your own legal counsel to ensure full compliance with applicable laws.
Understanding Data Roles: Controller vs. Processor
Privacy laws differentiate between controllers and processors of personal data:
- A controller determines the purposes and means of processing personal data.
- A processor handles data on behalf of a controller and does not make decisions about the data.
When you use Go Online Now-Connect, you are the controller. You decide what data to collect, why, and how it is used. That makes you responsible for:
- Having a lawful basis for processing personal data
- Ensuring data is only retained for as long as necessary
- Complying with relevant privacy obligations
- Implementing measures to transfer data lawfully to Go Online Now -Connect.
We highly recommend you consult your legal team to fully understand your responsibilities as a data controller.
Controller Compliance Checklist
To support your compliance efforts, Go Online Now-Connect offers features designed to help you meet privacy requirements. Below is a general checklist tailored for GDPR controller obligations, but it can also serve as a starting point for compliance under other privacy laws:
Within Go Online Now – Connect:
- ✅ Configure data retention and deletion settings
- ✅ Use opt-in forms and obtain proper consent
- ✅ Maintain clear records of consent
- ✅ Enable contact preferences for users
- ✅ Set up automated data access and deletion workflows when possible
Outside Go Online Now – Connect:
- ✅ Draft and maintain a Privacy Policy that reflects your data practices
- ✅ Establish legal bases for all data processing activities
- ✅ Respond to data subject access requests (DSARs) in a timely manner
- ✅ Ensure third-party vendors and tools are also compliant
- ✅ Keep internal documentation on how personal data is processed
Please remember: this checklist is not legal advice and should not replace consultation with a privacy professional or lawyer.
A Final Word
Privacy laws will continue to change, and we’ll do our best to keep this guide up to date. Still, we encourage you to regularly check for legal updates and consult your legal advisor to ensure full compliance.
Have ideas on how Go Online Now-Connect can better support your privacy efforts? We welcome your feedback as we continue to improve the platform for you and your customer
Privacy Law Requirement
Explanation
What You Need To Do In Your HighLevel Platform Account
What You Need To Do Outside of Your HighLevel Platform Account
Right to be informed
Individuals have the right to know how their data is being collected, processed, stored, and shared.
Add disclaimers or privacy statements in your opt-in forms, funnels, and websites. Clearly state how data will be used.
Draft and publish a clear, up-to-date Privacy Policy on your website or funnel that includes contact info, purpose, and legal basis of processing.
Lawfulness of Processing
Data must be processed lawfully, fairly, and transparently. You must have a valid reason (legal basis) to process personal data.
Ensure all data collected through forms includes a checkbox for consent and/or clearly explains the purpose of data collection.
Identify your lawful bases (e.g. consent, contract, legitimate interest) and document them. Include this info in your privacy policy.
Consent
Users must give clear and affirmative consent before their data is processed. Consent must be specific, informed, and freely given.
Use opt-in checkboxes (not pre-checked) on all lead forms and landing pages. Store and track consent via tags or custom fields
Maintain records of how and when consent was obtained. Provide instructions for withdrawing consent.
Right to Erasure / Delete, Right to Rectify / Correct Inaccuracies
Individuals can request to delete their data or correct inaccuracies in their information.
Use contact management to delete or update records manually. Automate via workflows to handle deletion or correction requests efficiently.
Set up a process to verify and respond to data deletion or correction requests (e.g., via support email). Document all requests and actions taken.
Right to Data Access and Portability
Users can request a copy of their personal data and transfer it to another provider.
Export user data from their contact record in CSV or PDF format. Log and track all data export requests.
Respond to access requests within the required timeframe (typically 30 days). Share data securely in a portable format (CSV, JSON, etc.).
Right to Rectification
Individuals have the right to request correction of inaccurate or incomplete data.
Update contact records manually or allow users to update their information via forms or surveys
Provide users a way to request corrections (email/support form). Log changes and keep data consistent across systems.
Designation of Data Protection Officer (DPO), Chief Data Security Officer, and Representatives
Some laws (like GDPR) require appointment of a DPO or similar roles for data governance and communication with authorities.
Add internal notes or assign tasks within your CRM workflows for compliance responsibilities. You can also label key team members.
Appoint a DPO (if legally required), list them in your privacy policy, and train them on your privacy and compliance practices. Assign a compliance point of contact for users and regulators.
Last Updated:
September 1, 2025
