We assist you with the implementation of the Basic Data Protection Regulation and the E-Privacy Directive

The Basic Data Protection Regulation (DSGVO) is an EU regulation that was adopted by the European Parliament in 2016 and came into effect on 25 May 2018. The regulation is intended to ensure that the handling of personal data in the European area is legally standardised and to create principles for this area. This means that the same rules should now apply to everyone in all EU states.

The E-Privacy Regulation will be added in 2019. This also comes from the European Parliament and was originally intended to enter into force together with the DSGVO. The new e-privacy regulation will replace the old regulation of the same name from 2002 and the so-called Cookie Directive. The new e-privacy directive is a quasi continuation of the DSGVO and will introduce even stricter rules, particularly with regard to the use of cookies.

For many companies, this means that some changes are pending, especially for their digital company presentations - i.e. websites and portals. The DSGVO, for example, stipulates that data processing activities in a company must be lawfully observed and at the same time documented in order to be able to prove that they have worked properly in a legal case.


Do you need our help? Contact us without obligation!


The points of attack of the EU directives for websites

The following topics are important for the implementation of the DSGVO/GDPR and the e-privacy regulation for companies. As a digital agency, we are happy to advise you and help you with the implementation of the individual topics. We can bring in a lot of experience from the projects around websites (often with TYPO3), online shops and apps of our customer base to help you cost-efficiently and directly! Contact us without obligation.

 

Privacy Policy and Impressum

 

 

User comments

 

 

 

Google Analytics

 

 

 

Data protection representative

 

 

SSL encryption

 

 

Web page forms

 

 

Newsletter

 

 

CRM

 

 

Documentation of the data processing

 

 

Cookies

 

For whom does the DSGVO apply and for whom does the E-Privacy Regulation apply?

The DSGVO does not distinguish between business-to-customer and business-to-business, since the DSGVO was created to protect natural persons. Since there is always a natural person acting behind a legal person, the Regulation applies equally to both business areas. This means that the DSGVO applies equally to most companies in the European sector.

The situation is different with the e-privacy regulation. This is basically only relevant for companies that operate a type of communications service. This means offering services such as telephones, chats, messengers or mail in your offer. Also under the e-privacy regulation will probably also fall offers that offer online advertising or work in any way with tracking cookies. Since most websites (and any programmatic advertising anyway) fall under this category, the group of companies will be larger than expected.

What happens if a company does not comply with the DSGVO?

The General Data Protection Regulation is mandatory for all companies from May 25, 2018 onwards. Failure to comply may result in fines of up to € 20,000,000 or 4% of your company's annual worldwide sales.

Many companies need a data protection officer

Article 37 of the DSGVO stipulates that every company needs a data protection officer with more than 10 persons processing data. Since every person who handles data on a computer in the company falls under this category, this regulation applies to the majority of companies that have such numbers of employees. The data protection officer should be a public person or an external company that must ensure compliance with data protection. With the DSGVO, the group of companies that need a data protection officer will be significantly expanded once again.

The handling of cookies is further tightened by the GDPR

The use of cookies will also be further tightened with the DSGVO. As a website operator, you will now have to obtain explicit consent from visitors to your website with the new regulation if you want to use cookies. Unfortunately, the DSGVO leaves room for interpretation in many cases. Even with cookies, it is not yet clear to what extent they may or may not be used. Only legally binding judgments before courts will give a clearer picture here. Through the best possible handling of cookies on your website, we can already help you as a DSGVO agency to make possible legal action against you unlikely.

The e-privacy regulation is clearer here. For the first time, it distinguishes between cookies that are necessary for the operation of a page and all other cookies that are used, for example, for marketing purposes. The former can still be used with an opt-out procedure, all other cookies must be accepted with the e-privacy regulation with the use of the customer or visitor of your site with an active opt-in.

SSL becomes mandatory for websites

With the so-called Secure Socket Layer encryption, you can only access your website via a secure connection. In this way you protect the users of your website from unwanted invasions of their privacy. Superficially, nothing changes on your website except a small detail in the URL. If your users previously reached the website with "http://www...", you can now be reached under "http**s**://www...". With a certificate deposited with a certification authority, you assure your users that the data they leave behind when they visit your site is encrypted. In most common browsers, the presence of SSL encryption is symbolized with a green padlock. The DSGVO turns SSL encryption from a free choice into an absolute obligation.

Contract data processing contracts with partners and third parties

Third parties and business partners who process data from your company should enter into a data processing agreement with you. This includes, among other things, Google with its Analytics tool and similar services, as well as various marketing and newsletter tools that may be integrated into your website. This also includes payment providers that are integrated into your online shop, for example.


We are happy to help you with your concerns about DSGVO / GDPR and e-privacy!