Website: Data privacy statement is mandatory
As soon as personal data is collected on a website, it must have a data protection statement, the Federal Data Protection Supervisory Authority (BfDI
) has ruled. According to this ruling, however, almost every site needs a data protection statement - even if the homepage only has minimal content. Without many website operators being aware of it, integrated measurement tools of the provider and tools such as Google Analytics store data of website visitors such as time, browser, IP address, entry and exit page, operating system used and data volume in the background. Personal data is also collected when cookies or contact forms are used. But ignorance is no excuse, because: All of this data is considered personal, as it can be used to establish a connection to a person. Therefore, every website - whether private or commercial - must have an adequate privacy policy.Proper imprint and data protection statement
Here's what companies need to keep in mind when implementing data protection regulations on their website: The privacy statement must not simply be inserted into the imprint page, but must be clearly separated from it and unambiguously recognizable. It must be clearly accessible from every page of the website - the imprint, on the other hand, must only be accessible by means of two clicks and must therefore not be linked directly on every page. The privacy policy can also be placed in the imprint if the imprint can be reached by means of one click on the entire website and it is clear from the link that the privacy policy is also available there.
The new General Data Protection Regulation
As of May 2018, the new General Data Protection Regulation will apply to all European companies, and the requirements for a correct privacy policy will be further increased in the course of this. In the future, visitors to websites must be informed even more precisely about the collection and use of their data - they are entitled to extensive rights of information, correction and deletion. The lawyer Michael von Rothkirch of the law firm Heinz v. Rothkirch, specialist lawyers for copyright and media law, therefore warns of the expensive consequences of a missing or incorrectly linked data protection declaration: "This is an administrative offense that can be punished with a fine of up to € 50,000. These fines increase drastically with the new General Data Protection Regulation. In addition, there is the threat of warnings and legal proceedings for infringement of competition law provisions."
IT law is continuously evolving and poses many challenges for digitizing companies, as there is a risk of being warned or sued if regulations and laws are ignored. As a digital agency, we are careful to communicate relevant developments and intricacies of IT law, but we are not authorized to provide legal advice. Companies should seek advice from a law firm or lawyer specializing in IT law in order to continue to grow in online commerce without legal obstacles.
Do you have any questions or would you like a personal consultation?
Our Backend Is Getting More Colorful: Hi, Stefan!
New Course at the Blackbit Academy: Basics of SEO
The Data Director for Pimcore Version 3.7 Is Here
EGGERS Case Study: HubSpot Website for Efficient Lead Management
Leave us feedback