The hype around the GDPR...
...continues shortly after its entry into force. And not without reason. After all, as a company - whether sole proprietors, limited liability companies or public limited companies - these should not be taken lightly. However, in some places there is also some uncertainty about the new basic data protection regulation. As so often, rumours and unawareness fuel these uncertainties. With this article we want to provide a short but easy-to-understand summary of the most fundamental changes and innovations.
Basically this obligation exists according to BDSG (Federal Data Protection Act) and TMG (Telemedia Act) actually for every site operator - even private persons who maintain / own a homepage. This should give visitors of the site the opportunity to find out which data is collected, how it is (further) processed and to object to it.
From experience we can say that the operators and owners of websites often do not know exactly what data they collect from their visitors. Because it is not always only the data that a visitor enters directly into a contact form. User and visitor data can also flow indirectly to third parties - for example through services such as Google Analytics or the famous Facebook Like button.
Be careful with social media plugins!
Especially plugins like Facebook's "Like-Button" or Twitter's "Tweet and Re-Tweet Button" should be used with some caution on your own website or online shop. If these functions are implemented "without further ado" on the homepage, visitor data are already collected and transmitted to the USA when "entering" the website. If personal data is passed on to third parties, the user must be able to read this. This note is therefore indispensable in.
Cookie notice: Not (yet) law but absolutely recommended!
Due to differences of opinion, Germany is currently an exception. Since the Telemedia Act already contains regulations and laws in this country, there is currently no explicit legal obligation to use such a reference. However, the trend of "more security and control over own data" is continuing - most recently with the entry into force of the GDPR.
Prevent possible consequences
As a responsible service company, we are also convinced that this is a sensible measure; not least in order to counteract the fear of warnings and not to offer any surface of attack in the first place. The professional integration of such a cookie notice is therefore strongly recommended for every company website.
The times when a "blanket data protection declaration" on the website was sufficient are over. The above sections show that this statement can and must vary considerably depending on the purpose and technical equipment of the website. The correct and complete naming of the used functions and technologies is mandatory.
To a certain extent it is certainly possible to work with "templates". However, it would be extremely risky to follow the data protection declaration of other website operators or even to adopt the text completely. In any case, as a company or trader, you should seek advice from a web agency you trust or - depending on the scope and purpose of data collection on your homepage - consult a legal expert.
Do you have further questions, need advice or clarification?
Do not hesitate and contact us.
Further information on this topic:
- The General Data Protection Regulation
- Information on the EU-GDPR of the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg
- Guidance and leaflets by the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg
- Supervisory authorities and data protection officers in Germany