The GDPR - What changes for you?
The hype around the GDPR...
...continues shortly after its entry into force. And not without reason. After all, companies - whether sole proprietors, limited liability companies or public limited companies - should not take it lightly. However, in some places there is also some uncertainty about the new General Data Protection Regulation. As so often, rumours and a lack of knowledge fuel these uncertainties. With this article we want to provide a short but easy-to-understand summary of the most fundamental changes and innovations.
On 25 May 2018, this new "GDPR" came into force in Germany. It affects every commercial company in the EU, which is why the abbreviation "EU-GDPR" is frequently used. The fear of warnings due to breaches of data protection regulations in particular now raises many questions. Does a data protection declaration (or privacy policy) have to be integrated on the company or association website? What content does it have to contain? Which services and technologies does my / our website use at all? And many more...
When is there an obligation to integrate a privacy policy?
In principle, under the BDSG (Federal Data Protection Act) and the TMG (Telemedia Act), this obligation applies to in effect every site operator - even private persons who maintain or own a homepage. It is meant to give visitors of the site the opportunity to find out which data is collected and how it is (further) processed, and to object to it.
From experience we can say that the operators and owners of websites often do not know exactly what data they collect from their visitors. It is not always only the data that a visitor enters directly into a contact form. User and visitor data can also flow indirectly to third parties - for example through services such as Google Analytics or the famous Facebook Like button.
Be careful with social media plugins!
Plugins like Facebook's "Like button" or Twitter's "Tweet and Retweet button" in particular should be used with some caution on your own website or online shop. If these functions are implemented "without further ado" on the homepage, visitor data is collected and transmitted to the USA as soon as the visitor "enters" the website. If personal data is passed on to third parties, the user must be able to read about this. This note is therefore indispensable in.
Cookie notice: Not (yet) law but absolutely recommended!
The EU Commission adopted the ePrivacy Directive 2009/136/EC - or "Cookie Directive" - around nine years ago (2009). It stipulates that the member states must create a legal basis which obliges website operators to inform visitors about the use of cookies.
Due to differences of opinion, Germany is currently an exception. Since the Telemedia Act already contains relevant regulations in this country, there is currently no explicit legal obligation to display such a notice. However, the trend of "more security and control over one's own data" is continuing - most recently with the entry into force of the GDPR.
Prevent possible consequences
As a responsible service company, we are also convinced that this is a sensible measure, not least in order to counteract the fear of warnings and not to offer any attack surface in the first place. The professional integration of such a cookie notice is therefore strongly recommended for every company website.
Privacy policy - but done correctly
The times when a "blanket data protection declaration" on the website was sufficient are over. The above sections show that this declaration can and must vary considerably depending on the purpose and technical setup of the website. The correct and complete naming of the functions and technologies used is mandatory.
To a certain extent it is certainly possible to work with "templates". However, it would be extremely risky to model your data protection declaration on that of other website operators or even to adopt their text completely. In any case, as a company or trader, you should seek advice from a web agency you trust or - depending on the scope and purpose of data collection on your homepage - consult a legal expert.
Do you have further questions, need advice or clarification?
Do not hesitate to contact us.
Further information on this topic:
- The General Data Protection Regulation
- Information on the EU-GDPR of the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg
- Guidance and leaflets by the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg
- Supervisory authorities and data protection officers in Germany