General Data Protection Regulation (DSGVO)
Dear Customer,
please read this message carefully and promptly. It contains really important information!
Data Protection Regulation (DSGVO)
On 25.05.2018, the European General Data Protection Regulation (GDPR, German: DSGVO) comes into force. By then, the new requirements must be implemented. Even simple websites usually process personal data, which falls within the scope of the DSGVO.
Website privacy policy
The privacy policy, which has been mandatory for many years, must be adapted to the new requirements. By raising the fines to up to 20 million euros or up to 4% of the (global) annual turnover of the previous fiscal year, violations can become very expensive. In addition, there is the threat of competition law warnings from competitors.
A DSGVO-compliant privacy policy can be created, for example, by a lawyer, a data protection expert, or with an online privacy policy generator. As an introduction to the topic, here is a short list of free and paid online services; it is not a recommendation by Brain Appeal and makes no claim to completeness:
Privacy Policy Generator
www.wbs-law.de/it-recht/datenschutzrecht/datenschutzerklaerung-generator/
datenschutz-generator.de
www.it-recht-kanzlei.de/agb-starterpaket.php
www.avalex.de
www.e-recht24.de/muster-datenschutzerklaerung.html
Privacy test
www.lda.bayern.de/tool/start.html
www.audatis.de/online/datenschutz-schnelltest/
Close the bulkheads!
In order to avoid warnings, it is advisable to secure your online offers in particular. Just as the online tools mentioned above can help you with data protection, such tools can also be used to identify websites with missing information or inadmissible technical measures and then issue automated warnings to their operators.
Therefore, Brain Appeal strongly recommends taking measures. These measures vary depending on the nature of your online offering and must be determined individually. Information on the measures to be implemented can be obtained from lawyers, data protection experts, online services or templates (e.g.: www.lda.bayern.de/de/datenschutz_eu.html), as described above.
Brain Appeal supports you in the technical implementation of the measures mentioned, but does not currently offer testing or consulting services itself. In this respect, all measures mentioned here are to be understood as examples.
Free SSL certificates
As a rule, the DSGVO cannot be implemented without the use of encryption. One measure is the use of SSL certificates. Brain Appeal therefore now offers free SSL certificates in most hosting plans, which allow the website to be accessed via https. Please contact us on 0621-437843-00 so that we can send you the order form.
Technical adjustments to the website
In order to maintain data privacy, various technical measures may need to be implemented on your website. Some examples:
- The so-called "two-click solution", which establishes connections to third-party servers only after the visitor explicitly clicks on the page; the second click then actually uses the service. Areas of use are videos embedded in the website (e.g. YouTube, Vimeo), maps (Google Maps) and integrated social media sharing functions (e.g. Facebook, Twitter, Google+, Xing).
- Using an "opt-out function", a visitor can object to further recording of their page views by so-called trackers (e.g. Piwik / Matomo).
- Cookie notices are now widely used on the Internet. Visitors are usually informed that the website they are visiting uses cookies and that further information can be found in its privacy policy. However, shortly before 25.05.2018, experts still disagree on whether cookies may be set directly when the page is first called up or only after explicit consent by visitors. Depending on which method is chosen, different technical measures would have to be taken.
- Nobody is happy about slow-loading websites, and so the loading time of a web page (PageSpeed) is also a metric that Google feeds into its ranking. To optimize loading time, web fonts were, for example, offered on Google servers and embedded by web pages. Because this method is so widespread, visitors download each font only once, on the first web page that uses it; on the second such web page there is no further download of Google Fonts and the page renders faster. Google states that it does not track personal data when Google Fonts are downloaded. Nevertheless, as a website operator you are on the safe side if you replace web fonts with locally stored fonts.
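To make the first three measures concrete, here is an added example (written for this notice, not Brain Appeal's own code and not tied to any particular website) of a "two-click" embed gate together with consent-gated cookies. It is modelled as pure functions so that it runs in Node without a DOM; a real page would insert the returned markup and wire the placeholder's button to activateEmbed. The provider table and cookie names are assumptions chosen for illustration. The security-relevant point is visible in the output: before the visitor's click, the markup contains no URL of the third-party host, so the browser makes no request to that server on page load; non-necessary cookies are refused until consent for their category has been recorded.

```javascript
// Added example: two-click embed gate and consent-gated cookies (assumed provider table).
const PROVIDERS = {
  youtube: { label: 'YouTube', embed: (id) => `https://www.youtube.com/embed/${encodeURIComponent(id)}` },
  vimeo:   { label: 'Vimeo',   embed: (id) => `https://player.vimeo.com/video/${encodeURIComponent(id)}` },
};

// Minimal HTML escaping so ids and labels cannot break out of attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Consent state, keyed by provider or by cookie category. Nothing is granted by default.
function createConsentStore() {
  const granted = new Set();
  return {
    has: (key) => granted.has(key),
    grant: (key) => { granted.add(key); },
    revoke: (key) => { granted.delete(key); },
  };
}

// Without consent only a local placeholder is rendered: no provider URL appears in the
// markup, so the page load triggers no connection to the third-party server.
// With consent the real iframe is rendered and the visitor's next click uses the service.
function renderEmbed(consent, providerKey, resourceId) {
  const provider = PROVIDERS[providerKey];
  if (!provider) throw new Error(`unknown provider: ${providerKey}`);
  if (!consent.has(providerKey)) {
    return `<div class="embed-placeholder" data-provider="${escapeHtml(providerKey)}" data-id="${escapeHtml(resourceId)}">` +
      `<button type="button">Load ${escapeHtml(provider.label)} content (connects to ${escapeHtml(provider.label)} servers)</button></div>`;
  }
  return `<iframe src="${escapeHtml(provider.embed(resourceId))}" allowfullscreen></iframe>`;
}

// Click handler for the placeholder (the "first click"): record consent, then re-render.
function activateEmbed(consent, providerKey, resourceId) {
  consent.grant(providerKey);
  return renderEmbed(consent, providerKey, resourceId);
}

// Cookie gating: only cookies in the "necessary" category may be set without consent;
// any other category needs an explicit grant. Returns the Set-Cookie value, or null if blocked.
function cookieHeaderIfAllowed(consent, { name, value, category, maxAge }) {
  if (category !== 'necessary' && !consent.has(`cookie:${category}`)) return null;
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAge}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Stand-alone demonstration.
const demoConsent = createConsentStore();
console.log(renderEmbed(demoConsent, 'youtube', 'abc123'));      // placeholder, no youtube.com URL
console.log(activateEmbed(demoConsent, 'youtube', 'abc123'));    // iframe after the click
console.log(cookieHeaderIfAllowed(demoConsent, { name: '_pk_id', value: 'x', category: 'analytics', maxAge: 3600 })); // null
```

The same consent store can drive the tracker opt-out from the second bullet: the tracking script is only loaded, and its cookie only set, while consent for the analytics category is present, and revoke() withdraws it.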
Please check in your specific case which measures are necessary and contact us if you want us to support you in the technical implementation of these measures.
Deletion of personal data
In the past, Internet applications were usually developed in such a way that the delete function merely flagged the record as "deleted", so that it was no longer retrievable through the application. The record itself, however, remains in the database and can still be retrieved by administrators; it is therefore neither truly deleted nor anonymized.
The reasons for this approach are to prevent inconsistencies in referenced records and to cover a possible legal obligation to retain data.
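The following added example (written for this notice, not Brain Appeal's code or any customer application) contrasts the three deletion behaviours over a constructed in-memory "database" of users and orders. It shows why the soft-delete flag alone leaves personal data readable, why a hard delete collides with records that reference the user, and how anonymization keeps the primary key (so foreign keys stay valid and the order history that may have to be retained survives) while overwriting every personal field. The table layout and sample records are assumptions.

```javascript
// Added example: soft delete vs. hard delete vs. anonymization (constructed sample data).
function makeSampleDb() {
  return {
    users: [
      { id: 1, email: 'anna@example.com', name: 'Anna Example', deleted: false },
      { id: 2, email: 'ben@example.com',  name: 'Ben Example',  deleted: false },
    ],
    orders: [
      { id: 100, userId: 1, total: 19.99 },
      { id: 101, userId: 2, total: 5.0 },
    ],
  };
}

// 1) Soft delete: the application hides the record, but every personal field stays
//    readable to anyone with database access.
function softDelete(db, userId) {
  const u = db.users.find((x) => x.id === userId);
  if (!u) return false;
  u.deleted = true;
  return true;
}

// 2) Hard delete: removes the row. Refuses if orders still reference the user (the
//    inconsistency the text mentions) unless the caller explicitly cascades.
function hardDelete(db, userId, { cascade = false } = {}) {
  const referenced = db.orders.filter((o) => o.userId === userId);
  if (referenced.length > 0 && !cascade) {
    throw new Error(`user ${userId} is referenced by ${referenced.length} order(s)`);
  }
  if (cascade) db.orders = db.orders.filter((o) => o.userId !== userId);
  const before = db.users.length;
  db.users = db.users.filter((x) => x.id !== userId);
  return db.users.length < before;
}

// 3) Anonymize: keep the row and its primary key so foreign keys remain valid and
//    retained orders stay consistent, but overwrite every personal field.
function anonymize(db, userId) {
  const u = db.users.find((x) => x.id === userId);
  if (!u) return false;
  u.email = `deleted-${u.id}@invalid`;
  u.name = 'deleted user';
  u.deleted = true;
  u.anonymizedAt = new Date().toISOString();
  return true;
}

// Orders whose user row no longer exists (should always be empty).
function orphanedOrders(db) {
  const ids = new Set(db.users.map((u) => u.id));
  return db.orders.filter((o) => !ids.has(o.userId));
}

// Does any stored record still contain the given personal value?
function containsPersonalData(db, value) {
  return JSON.stringify(db).includes(value);
}

// Stand-alone demonstration.
const demo = makeSampleDb();
softDelete(demo, 1);
console.log('after soft delete, email still stored:', containsPersonalData(demo, 'anna@example.com')); // true
anonymize(demo, 1);
console.log('after anonymize, email still stored:', containsPersonalData(demo, 'anna@example.com'));   // false
console.log('orphaned orders:', orphanedOrders(demo).length);                                            // 0
```

Which of the three behaviours an application should use is exactly the decision the next paragraph asks you to communicate; the code only makes the trade-offs visible.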
If you operate a website or Internet applications with databases, please contact us with information on the desired deletion behavior of the application.
Contract for commissioned processing
An AV contract (Auftragsverarbeitungsvertrag, a contract for commissioned processing) regulates the rights and obligations under data protection law between the responsible party (customer) and the commissioned processor (Brain Appeal). Brain Appeal provides such an AV contract to its customers. Please contact us immediately about this.
Plan B: temporarily shut down website?
Time is running out, and it is possible that lawyers, data protection experts or even Brain Appeal will not be able to implement all necessary measures or technical changes in time. In addition, some topics are not described clearly enough in the GDPR and there are no court decisions on them yet. Therefore, please consider a temporary or partial shutdown of your online offer or of integrated functions (e.g. visitor tracking).
Best regards
Jörg Oswald