This is how you implement the GDPR for your website

The GDPR is coming and has unsettled many website operators. Operators of small websites in particular want a quick and easy solution. We have put together a short, practical overview for you of how to make your website legally secure in 5 steps.

1st step: data protection declaration


The problem

Every website requires a new privacy policy. Many points are newly regulated in the GDPR. For example, you must list a legal basis in the data protection declaration for every processing of data.

What you have to do now

Create a new privacy policy for your website.

Our solution

We can create a correct, GDPR-compliant (DSGVO) data protection declaration and imprint for you at a reasonable price.


2nd step: contact form


The problem

There are two problems with using a contact form on your website:

  1. The GDPR requires technical measures to protect personal data. Contact form data must therefore be transmitted over an encrypted connection.
  2. A judgment by the Cologne Higher Regional Court requires site operators to obtain the user’s consent (checkbox) for contact forms.


What you have to do now

  1. Encrypt all pages with an inquiry or contact form via SSL (HTTPS).
  2. Add a consent checkbox to every contact form.


Our solution

  1. Order and integrate an SSL certificate. The easiest way is to check with your hosting provider, who should be able to order and embed a certificate for you.
  2. Create a consent text and embed it on the page with a checkbox (unchecked by default) and a link to the data protection declaration.


The following must be included in the consent text:
  1. What data is collected?
  2. What is this data collected and processed for?
  3. How long will the data be stored and when will it be deleted again?
  4. A note on the right of withdrawal.
  5. A note with a link to your privacy policy.


Sample text for consent

I agree that my details from the contact form will be collected and processed in order to answer my request. The data will be deleted after your request has been processed. Note: You can revoke your consent at any time with effect for the future by sending an email to info@meinedomain.de. Detailed information on the handling of user data can be found in our data protection declaration.

This is what our contact form looks like
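The following is an added example, not the page's own form code, of how a server can enforce steps 2 and 3 when it receives a contact-form submission: it rejects requests that did not arrive over HTTPS, treats only an explicitly ticked consent checkbox as consent, and keeps a record of which consent text the user agreed to and when, so that later deletion and revocation can be honoured. The field names ("email", "message", "consent"), the version string and the in-memory store are assumptions.

```javascript
// Added example (not from the original page). Assumed form field names:
// "email", "message" and a checkbox named "consent" that is unticked by default.

// Bump this whenever the wording of the consent text changes, so a stored
// record always says which text the user actually agreed to (constructed value).
const CONSENT_TEXT_VERSION = "2018-05-25-v1";

// Validates one submission. Returns { ok: true, record } on success or
// { ok: false, errors } listing every reason the request was rejected.
function handleContactSubmission(request, fields, now = new Date()) {
  const errors = [];
  // Step 3: personal data from the form is only accepted over an encrypted connection.
  if (request.protocol !== "https") errors.push("form must be submitted over HTTPS");
  // Step 2: consent has to be an affirmative act. A browser omits an unticked
  // checkbox from the POST body entirely, so anything other than the explicit
  // checkbox value counts as "no consent".
  if (fields.consent !== "on") errors.push("consent checkbox not ticked");
  if (typeof fields.email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email)) {
    errors.push("invalid email address");
  }
  if (typeof fields.message !== "string" || fields.message.trim() === "") {
    errors.push("empty message");
  }
  if (errors.length > 0) return { ok: false, errors };
  // Store only what the consent text promised: purpose, text version and time
  // of consent, plus a flag so the record can be deleted once it has been handled.
  return {
    ok: true,
    record: {
      email: fields.email,
      message: fields.message.trim(),
      purpose: "answering the contact request",
      consentTextVersion: CONSENT_TEXT_VERSION,
      consentedAt: now.toISOString(),
      processed: false,
    },
  };
}

// Revocation by e-mail (see the sample consent text): drop every record for
// that address. Returns the number of records removed.
function withdrawConsent(store, email) {
  const keep = store.filter((r) => r.email.toLowerCase() !== email.toLowerCase());
  const removed = store.length - keep.length;
  store.splice(0, store.length, ...keep);
  return removed;
}

// "Deleted after your request has been processed": purge handled records.
function purgeProcessed(store) {
  const keep = store.filter((r) => !r.processed);
  const removed = store.length - keep.length;
  store.splice(0, store.length, ...keep);
  return removed;
}
```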


3rd step: SSL encryption


The problem

The GDPR requires technical measures to protect personal data. This does not mean that all websites now have to be encrypted. But all pages where the user enters personal data must have an encrypted connection:

  • Contact and Inquiry Forms
  • Websites where you can order something
  • Download pages where the user enters their email address
  • Websites where you can subscribe to the newsletter
  • Login Pages
  • Pages with payment processes


What you have to do now

Encrypt all pages on your website where users can enter personal data with SSL.

Our solution

Let's Encrypt offers free SSL certificates. It's best to ask your hosting provider whether your web space includes Let's Encrypt; every good provider should offer it.


4th step: Order processing and external service providers


The problem

Many website operators use the services of external providers. User data from your customers and website visitors is transferred to these:

  • External newsletter providers
  • Ticket systems
  • Hosting providers
  • Agencies
  • Call centres
  • External invoice processing and accounting


In addition, agencies and web designers often have access to your customers' end-customer data.
Strictly speaking, this data may only be transferred to other companies and service providers with the consent of the person concerned.
Since obtaining that consent is often hardly possible in practice, the legal construct of commissioned data processing (Auftragsverarbeitung, "AV") lets you avoid seeking the consent of each individual customer.

What you have to do now

Check which external service providers you need to conclude an AV contract with. If in doubt, ask the respective provider for an AV contract. They will then provide you with a contract that you only have to sign.

For providers from the USA, the document is called a "data processing agreement". You also have to make sure that American providers are Privacy Shield certified. You can check here: https://www.privacyshield.gov/list

Our solution

Conclude an AV contract with the respective service providers.
You can find the AV contract for Google Analytics here.


5th step: Keep an eye on the GDPR


The problem

The GDPR is a new law that completely redefines data protection law. Site operators and companies, but also authorities, courts and lawyers, will need quite a while before the new law can be correctly interpreted and applied. You will therefore be confronted with new problems and developments in the future.

What you have to do now

After you have implemented our 4 steps, you should keep yourself regularly informed about new developments around the GDPR.

Our solution

  1. Sign up for our newsletter and receive regular news about the GDPR, warnings, tips and offers for your website.
  2. Let us create your GDPR-compliant website and benefit from exclusive customer access to sample contracts, checklists and much more.