The General Data Protection Regulation (GDPR, known in German as the DSGVO) is an EU regulation that was adopted by the European Parliament in 2016 and came into effect on 25 May 2018. The regulation is intended to standardise the legal handling of personal data across the European area and to establish common principles for it. This means that the same rules now apply to everyone in all EU states.
For many companies, this means that changes are pending, especially for their digital presence, i.e. websites and portals. The DSGVO stipulates, for example, that data processing activities in a company must be carried out lawfully and at the same time documented, so that the company can prove in a legal dispute that it has acted properly.
Do you need our help? Contact us without obligation!
Where the EU rules affect websites
The following topics are important for implementing the DSGVO/GDPR and the e-privacy regulation in companies. As a digital agency, we are happy to advise you and help you with the implementation of each topic. We bring a lot of experience from projects around websites (often with TYPO3), online shops and apps for our customer base, so we can help you cost-efficiently and directly! Contact us without obligation.
Data protection representative
Web page forms
Documentation of the data processing
For whom does the DSGVO apply and for whom does the E-Privacy Regulation apply?
The DSGVO does not distinguish between business-to-customer and business-to-business, since the DSGVO was created to protect natural persons. Because a natural person always acts behind a legal person, the regulation applies equally to both business areas. This means that the DSGVO applies equally to most companies in Europe.
The situation is different with the e-privacy regulation. It is basically only relevant for companies that operate some kind of communications service, i.e. that offer services such as telephony, chats, messengers or mail. Offers that provide online advertising or work in any way with tracking cookies will probably also fall under the e-privacy regulation. Since most websites (and all programmatic advertising anyway) fall into this category, the group of affected companies will be larger than expected.
What happens if a company does not comply with the DSGVO?
The General Data Protection Regulation is mandatory for all companies from 25 May 2018 onwards. Failure to comply may result in fines of up to € 20,000,000 or 4% of your company's annual worldwide turnover.
Many companies need a data protection officer
Article 37 of the DSGVO stipulates that every company in which more than 10 persons process data needs a data protection officer. Since every person who handles data on a computer in the company falls into this category, this rule applies to the majority of companies with that number of employees. The data protection officer should be a designated person or an external company responsible for ensuring compliance with data protection. With the DSGVO, the group of companies that need a data protection officer is significantly expanded once again.
The handling of cookies is further tightened by the GDPR
The e-privacy regulation is clearer here. For the first time, it distinguishes between cookies that are necessary for the operation of a page and all other cookies, which are used, for example, for marketing purposes. The former can still be used with an opt-out procedure; under the e-privacy regulation, all other cookies may only be set after the customer or visitor of your site has actively opted in.
With sgalinski Cookie OptIn we offer a solution that implements the requirements of the GDPR and the e-privacy regulation for requesting cookie consent. Find out more on our product page.
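As an added example (not code from sgalinski or from the regulation), the following JavaScript models that rule: every cookie write declares a category, only necessary cookies are allowed before the visitor has decided, other categories open only after an active opt-in, and withdrawing consent deletes the cookies of that category. The category names and the in-memory `jar` are assumptions standing in for a real site's cookie categories and `document.cookie`.

```javascript
// Added example (not sgalinski or regulation code): a consent gate modelling the
// e-privacy split between necessary cookies (allowed until opt-out) and all other
// cookies (blocked until active opt-in). `jar` stands in for document.cookie.
const CATEGORIES = ["necessary", "statistics", "marketing"]; // assumed categories

function createConsentGate(jar = new Map()) {
  // Default before any decision: only the necessary category is allowed.
  const consent = { necessary: true, statistics: false, marketing: false };
  const owners = new Map(); // cookie name -> category, so consent can be withdrawn
  const blocked = [];       // audit trail of refused writes
  // A returning visitor's earlier decision is itself stored as a necessary cookie.
  const stored = jar.get("cookie_consent");
  if (stored) {
    const saved = JSON.parse(stored);
    for (const cat of CATEGORIES) if (cat in saved) consent[cat] = saved[cat] === true;
  }

  function isAllowed(category) {
    // Unknown or undeclared categories are refused, not treated as necessary.
    return CATEGORIES.includes(category) && consent[category] === true;
  }

  // Apply an explicit banner decision; cookies of a category switched off are deleted.
  function decide(choices) {
    for (const cat of CATEGORIES) {
      if (!(cat in choices)) continue;
      consent[cat] = choices[cat] === true;
      if (consent[cat]) continue;
      for (const [name, owner] of owners) {
        if (owner === cat) { jar.delete(name); owners.delete(name); }
      }
    }
    jar.set("cookie_consent", JSON.stringify(consent));
  }

  // Every cookie write declares its category and passes through this gate.
  function setCookie(name, value, category) {
    if (!isAllowed(category)) {
      blocked.push({ name, category });
      return false;
    }
    jar.set(name, value);
    owners.set(name, category);
    return true;
  }

  return { isAllowed, decide, setCookie, consent, blocked, jar };
}
```

The `blocked` list is useful in testing: it shows which third-party integrations still try to write cookies before the visitor has opted in.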
SSL becomes mandatory for websites
With so-called Secure Sockets Layer (SSL) encryption, your website can only be reached over an encrypted connection. In this way you protect the users of your website from unwanted invasions of their privacy. On the surface, nothing changes on your website except a small detail in the URL: if your users previously reached the website under "http://www...", it is now reached under "https://www..." with an added "s". With a certificate issued by a certification authority, you assure your users that the data they leave behind when they visit your site is encrypted in transit. In most common browsers, the presence of SSL encryption is symbolised by a green padlock. The DSGVO turns SSL encryption from a free choice into an absolute obligation.
Data processing agreements with partners and third parties
Third parties and business partners who process data on behalf of your company should enter into a data processing agreement with you. This includes, among others, Google with its Analytics tool and similar services, as well as the various marketing and newsletter tools that may be integrated into your website. It also includes payment providers that are integrated into your online shop, for example.