When is a website data protection compliant?
Most companies are now familiar with the fact that a website must have a data protection declaration. But here, too, it is important to check whether all aspects of the General Data Protection Regulation are included. The basic requirement is that the website visitor can fully inform himself about the processing of his data and the rights granted to him. In addition, all analysis and tracking tools must be specified. More about the GDPR requirements on the official IHK-Munich web address: “https://www.ihk-muenchen.de/dsgvo-datenschutz-webseite“.
But even that does not constitute a data protection compliant website. Cookies can be used to process personal data, in particular the IP address. As is well known, there must be a legal basis for any processing of personal data. For all cookies that are not technically necessary, the user must give his specific consent. A so-called cookie banner is used to obtain this. What this should look like and what it should contain has also been discussed in court in the past and the result is that a simple display at the bottom of the page with an “Accept” button is not sufficient. More on this in our blog post: “EDSA updates guidelines on cookie consent for websites.”