The new general data protection regulation (GDPR)
You're running a webshop on the German market? Then you should have your website checked as soon as possible. The GDPR comes on 25.05.2018.
The time has already come on 25 May 2018. The new data protection regulation will become law throughout the EU on this day. In many legal areas - from employee data protection to video surveillance - the GDPR provides for considerable need for action.
But what does the GDPR mean in concrete terms?
The privacy policy:
In general, the obligation to provide information in the data protection declaration will become more extensive with the new GDPR. If you already have existing explanations, they should at least be checked, if not even restated.
We want to be happy to check your data protection declaration, update it or completely rewrite it. This is specifically tailored to the specific requirements of your website.
Collection of personal data (tracking)
In future, it will generally be prohibited to collect personal data. There are some exceptions to this, but these are handled very restrictively. For example, if you use "Google Analytics" analysis software, you should make the data collected anonymous in any case. Particular attention should be paid to the IP address of the respective user. Google Analytics allows you to make them anonymous. Furthermore, you must inform visitors about the use of Google Analytics and / or other tracking tools in the data protection declaration and point out how it works. The types of data collected in each case must be listed. The user must also be offered the possibility of an opt-out. He must thus have the opportunity to object to his tracking.
So we can help you here. We check, analyze and create instructions to make your website legally secure. If you are unable to manage your website yourself, we want to be happy to put you in touch with a suitable service provider.
Cookies
15 Abs. 3 Telemediengesetz that you use cookies. This can be done, for example, with a cookie hint with a link to the data protection declaration.
However, a new EU e-privacy regulation is expected to come into force in 2019, replacing the current directive. It may be assumed that this new regulation will be more restrictive towards entrepreneurs.
A data protection officer?
9 employees who are currently involved in the processing of data. The same applies if you have more than 20 employees. Then, however, it is independent of whether they have data processing or not. Furthermore, there are many areas of application and exceptions in which you are therefore obliged to appoint a data protection officer (doctors, dentists, etc.). Failure to do so could result in heavy fines.
In general, we recommend that you check your website or your entire company to see if you are prepared for the new data protection regulation.
Our lawyer Stephen Hendel will help you with all questions concerning the GDPR - also in English. Simply send us an e-mail to info@gabler-hendel.de.
Your comment
Participate in discussion?Leave us your comment!