Could you say with confidence that your website complies with data protection law? Anyone looking for data protection deficiencies on the Internet will quickly find them: everything from the inadequate cookie banner to the privacy policy that is hard to find. But what is the cause? Do companies not want to meet their legal obligations, or do they not even know that they are doing something wrong? Find out in our GDPR check!
When is a website data protection compliant?
Most companies are now aware that a website must have a privacy policy. But here, too, it is important to check whether all the requirements of the General Data Protection Regulation are covered. The basic requirement is that website visitors can fully inform themselves about how their data are processed and which rights they have. In addition, every analysis and tracking tool in use must be named. More about the GDPR requirements is available from the IHK Munich at “https://www.ihk-muenchen.de/dsgvo-datenschutz-webseite“.
Even that alone does not make a website data protection compliant. Cookies and similar technologies can be used to process personal data, in particular the IP address, and, as is well known, every processing of personal data needs a legal basis. For all cookies that are not technically necessary, the user must give specific consent, which is obtained through a so-called cookie banner. What such a banner must look like and what it must contain has been the subject of court decisions, and the result is that a simple bar at the bottom of the page with an “Accept” button is not sufficient. More on this in our blog post: “EDSA updates guidelines on cookie consent for websites.”
What do you have to consider during a GDPR check?
If your company offers a newsletter on the website, this brings its own risks of data protection violations. It starts with obtaining legally valid consent. To ensure that users subscribe to the newsletter voluntarily and knowingly, the double opt-in procedure should be used: the address entered in the form is only added to the list once its owner has confirmed the subscription via a link sent to that address. The mere fact that users enter their data in the form does not constitute a sufficient legal basis for sending them marketing e-mails.
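As an added illustration of the double opt-in flow described above (example code written for this page, not a product or library of the author), the following Python sketch separates the form submission from the actual subscription: the form only creates a pending entry and produces a signed, time-limited confirmation token for the link in the confirmation e-mail; the address is added to the list, together with a record of when and how consent was given, only when that link is followed. The HMAC key, the 24-hour validity period and the in-memory storage are assumptions made for the example; a real deployment would take the key from a secret store and persist the records.

```python
"""Double opt-in for a newsletter sign-up (example code, not from the page).

Step 1: the form is submitted -> address is only 'pending', a confirmation
        mail with a signed, expiring token is sent (mail sending not shown).
Step 2: the link is followed -> token is verified, the address is confirmed
        and a consent record (when, how) is stored.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumption: confirmation links expire after one day
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


class NewsletterSignup:
    def __init__(self, secret_key: bytes):
        # Assumption: the key comes from a secret store, never from source code.
        self._key = secret_key
        self.pending = {}    # email -> time of form submission
        self.confirmed = {}  # email -> consent record

    def _mac(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def request_subscription(self, email: str, now=None) -> str:
        """Step 1. Returns the token to embed in the confirmation link."""
        now = time.time() if now is None else now
        self.pending[email] = now
        payload = json.dumps(
            {"email": email,
             "exp": int(now) + TOKEN_TTL_SECONDS,
             "nonce": secrets.token_hex(8)},
            sort_keys=True,
        ).encode()
        # token = payload || HMAC-SHA256(payload), URL-safe base64 for the link
        return base64.urlsafe_b64encode(payload + self._mac(payload)).decode()

    def confirm(self, token: str, now=None) -> str:
        """Step 2. Returns 'confirmed', 'expired' or 'invalid'."""
        now = time.time() if now is None else now
        try:
            raw = base64.urlsafe_b64decode(token.encode())
        except ValueError:
            return "invalid"
        payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
        # Constant-time comparison: a forged or tampered link is rejected.
        if len(mac) != MAC_LEN or not hmac.compare_digest(mac, self._mac(payload)):
            return "invalid"
        data = json.loads(payload)
        if now > data["exp"]:
            return "expired"
        email = data["email"]
        # A token can only be used once: the second click finds no pending entry.
        if email not in self.pending:
            return "invalid"
        self.confirmed[email] = {
            "subscribed_at": self.pending.pop(email),
            "confirmed_at": now,
            "method": "double opt-in link",
        }
        return "confirmed"


if __name__ == "__main__":
    signup = NewsletterSignup(secrets.token_bytes(32))
    token = signup.request_subscription("alice@example.com")  # constructed sample address
    print("confirm:", signup.confirm(token))
    print("consent record:", signup.confirmed["alice@example.com"])
```

The consent record is the part a GDPR check will ask for: it documents that the subscription was confirmed by the address owner, and when. Storing the time of the form submission alongside it also lets you purge pending entries whose confirmation link has expired.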
The security of the processing must not be forgotten either. All personal data that users make available to you must reach you by a secure route, so transport encryption (TLS) in a current, properly configured version is essential.
To assess the data protection compliance of a website, knowing the General Data Protection Regulation is not enough. The BSI IT-Grundschutz catalogue and the Telemedia Act have to be taken into account as well, along with current case law and the guidelines of the supervisory authorities. Anyone who does not deal with all of these topics quickly loses the overview during a GDPR check.
Why you should also have a professional web check carried out
The pitfalls described above are just a few of many. To keep the risk of fines for your website as low as possible, we recommend having a professional web check carried out. But the high fines should not be the only incentive; the trust of your customers is another. Anyone who visits a site and sees that the company behind it takes data protection seriously uses the services offered there with a clear conscience.
Data protection and IT security go hand in hand. A complete privacy policy or a correctly implemented cookie banner does not replace the need for current security standards. We take a holistic view of your website, both from a data protection point of view and at the level of IT security.
Talk to us about our web checks! Use our contact form, call us on 08505 91927-0, or find out more about the GDPR check here.
Franziska Kössl completed her Bachelor's degree in Business Informatics (Wirtschaftsinformatik) at the Technische Hochschule Deggendorf. For her thesis she developed test criteria for assessing the data protection compliance of websites for our web checks. She is now product specialist for web checks and is responsible, among other things, for the further development of our data protection management software “docu-safe”. As a certified data protection officer with a degree in business informatics, she supports our customers in implementing the GDPR with technical know-how and business foresight.