GDPR checklist: Website operators must take this into account
Entrepreneurs and website operators across the EU are nervous about the GDPR. We have therefore compiled a checklist of the most important points for you.
GDPR checklist: This is what your website has to offer
As a website operator, you should look carefully at the GDPR so that you do not face severe penalties: fines of up to 20 million euros or four percent of global annual turnover are possible.
- One of the key messages of the new GDPR is "Privacy by Design", which means that data protection must be built into the technical mechanisms of data processing. In other words: a data processing workflow must be designed to comply with the GDPR from the outset, and its implementation should not allow any technical deviations from that design.
- A legible and understandable privacy policy is also mandatory. You can integrate it into the footer, for example. Sample privacy policies, including free ones, can be found on the Internet.
- You also need a so-called processing directory (a record of processing activities). In it you must record which information is stored, for what reason, by whom and for how long. The legislator does not make great demands on the form of this directory, and you can find templates for it on the Internet.
- You have probably already implemented the information banner for the use of cookies. If not, it's high time for that. It is best to place a button next to the banner that says "Yes, I agree" and to link to the privacy policy.
- If you use forms for data collection, the user must actively agree that this information is stored. An example of this is a contact form, in which you simply add a checkbox for consent. However, make sure that the checkbox is not preselected - the user must take this step himself.
- Another important point of the GDPR is that you, as the website operator, must hand over to your users all the data you have stored about them, free of charge. You should therefore be able to do this whenever a user requests it.
GDPR: Check external providers
If you use external data processing services, you must ensure that they also act in accordance with the GDPR, regardless of whether they are located in the EU or outside it. For example, if you process your customer data using a web tool, you must obtain written confirmation from the operator that the GDPR is being complied with. If you do not, you are liable for the violations of the external service provider.
- Another important point is the social sharing icons. The small buttons for sharing a page send unsolicited user data to the respective provider. For example, if you call up a page with a "Share on Facebook" button, Facebook automatically receives the information that you have been on this page - even if you have not clicked the button at all. In the future, this data may only be transferred after selecting the share option.
- If you use external tools such as Joomla or WordPress to create your website, you should make sure that they also comply with the GDPR.
- The use of Google Analytics can also cause problems. You must point it out in your privacy policy, and you must give your users the option to prevent data collection. You must also anonymize the users' IP addresses, which you can do with the "anonymizeIp" setting. In addition, you must conclude a data processing addendum with Google.
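Consent-gated analytics loading, as an added example in JavaScript that is not part of the original article: the tracker is only queued and loaded after the "Yes, I agree" click, "anonymizeIp" is set before any hit is sent, and the opt-out link sets Google's documented ga-disable flag. The element ids, the loader callback and the property id are assumptions.

```javascript
// Consent-gated Google Analytics (Universal Analytics "ga" command queue):
// nothing is queued or loaded until the visitor agrees, anonymizeIp is set
// before the first hit, and the documented window['ga-disable-<property>']
// flag provides the opt-out. Added example; PROPERTY_ID is a placeholder.
const PROPERTY_ID = 'UA-XXXXXXX-Y';

function createAnalyticsGate(win, propertyId, loadScript) {
  const disableKey = 'ga-disable-' + propertyId;
  let consented = false;
  // Same queue shape as the official snippet: analytics.js replays win.ga.q
  // in order once loaded, so the set-before-send order below is preserved.
  function ensureQueue() {
    if (!win.ga) {
      win.ga = function () { (win.ga.q = win.ga.q || []).push(arguments); };
    }
  }
  return {
    // Wired to the banner's "Yes, I agree" button; returns false (and queues
    // nothing) if the visitor has already opted out.
    consent() {
      if (win[disableKey] === true) return false;
      ensureQueue();
      consented = true;
      win.ga('create', propertyId, 'auto');
      win.ga('set', 'anonymizeIp', true); // must precede the first hit
      win.ga('send', 'pageview');
      if (typeof loadScript === 'function') loadScript('https://www.google-analytics.com/analytics.js');
      return true;
    },
    // Opt-out link from the privacy policy; analytics.js honours this flag.
    optOut() { win[disableKey] = true; consented = false; },
    hasConsented() { return consented; },
    queuedCommands() { return (win.ga && win.ga.q) ? win.ga.q.slice() : []; },
  };
}

// Browser wiring; skipped where there is no DOM (e.g. when run under Node).
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  const gate = createAnalyticsGate(window, PROPERTY_ID, (src) => {
    const s = document.createElement('script');
    s.async = true; s.src = src; document.head.appendChild(s);
  });
  const yes = document.getElementById('consent-yes');
  const out = document.getElementById('ga-opt-out');
  if (yes) yes.addEventListener('click', () => gate.consent());
  if (out) out.addEventListener('click', () => gate.optOut());
}
```

Because the script tag is only appended inside consent(), no request reaches Google before the visitor agrees, and a visitor who has opted out never gets a queue at all.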