Almost everyone who owns a website or a blog is affected by the new General Data Protection Regulation. The DSGVO makes no distinction by size: it applies virtually everywhere. To avoid coming into conflict with the law, you need to consider a few things.
The EU's General Data Protection Regulation, DSGVO for short, affects almost everyone who is active on the Internet at all. Operators of blogs, forums or online shops should check now, at the latest, whether their website complies with the current rules. At present there is a great deal of uncertainty, particularly among providers of small, non-commercial content. The coming months will show whether the DSGVO keeps its actual goal, taming the global data collectors, in focus, or whether a wave of cease-and-desist warnings rolls over small blogs, dealers or club pages.
The objectives and content of the DSGVO
Privacy, as well as rights and obligations on the Internet, were previously regulated in Germany by national law; details can be found since 2007, for example, in the Telemedia Act (Telemediengesetz). The DSGVO now creates a single European standard for data protection. The regulation applies directly in the member states, but individual points can be shaped by national legislation. In Germany this is done, for example, by the Federal Data Protection Act (BDSG).
The core objective of the DSGVO is to protect the fundamental rights and freedoms of every natural person, in particular the right to informational self-determination. The DSGVO also applies to providers outside the EU as soon as they process data of EU citizens. As before, personal data may not be collected, processed or passed on to other companies without consent. What is new is that it is now laid down more precisely how consent must be given: implied consent is no longer sufficient, and users of online services must agree to data storage explicitly. They also have the right to withdraw consent at any time, to obtain information about the stored data, and to have the data deleted.
That data may only be collected and processed for a specific purpose was already required in the past. The DSGVO now additionally requires that users be informed, in an intelligible form, of the exact purpose of each data collection. Once the data are no longer necessary for that purpose, the provider must delete them and inform users about the deletion deadlines. Data breaches must now be reported within 72 hours. If personal data fall into the wrong hands, there may under certain circumstances be a claim for damages.
Anyone who violates the EU General Data Protection Regulation must reckon with fines of up to EUR 20 million or four per cent of the company's worldwide turnover (whichever is higher). Under the BDSG, a prison sentence of up to three years or a monetary penalty may also be imposed if a company, for example, transmits personal data to a third party.
Who does the DSGVO apply to?
The DSGVO states: “This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity.” As in the past, for example with the obligation to provide an imprint, this restriction of the scope applies only to very few sites. As soon as you place advertising on your blog or it has a professional reference, the website is no longer purely private. If a master baker, for example, publishes baking recipes in his blog, there is a reference to his professional activity and therefore the DSGVO rules apply to that blog.
What measures are required?
can generate. Use is free for private individuals and small businesses (gross revenue not exceeding 17 500 euros per year). Go through all the headings and click “Yes” for each of the listed functions that you use in your blog. You then receive a text that you incorporate into your website, with a link such as “Privacy statement” in a conspicuous place, for example the main navigation bar.
Privacy statement: the text of the declaration can be created quickly at https://datenschutz-generator.de.
If you collect user data, for example in a contact form or the comment function, the data must be transmitted SSL-encrypted. Your site should therefore be reachable via “https://”; if it is not yet, you can install a free certificate from Let’s Encrypt.
Problematic are all WordPress plug-ins that forward data to other online services. You need to make sure that these work in accordance with the DSGVO; in case of doubt, disable the plug-in as a precaution. A list of assessments of the DSGVO conformity of widespread plug-ins can be found, for example,
In general, you must conclude a data processing agreement (a contract for commissioned data processing), for example if you use Google Analytics. For details, please refer to
. If possible, you should prefer analysis tools such as Matomo. Here the data remain on your own server and under your control. The Matomo settings under “Privacy” offer options for anonymization. There you also find information on how visitors to your site can disable Matomo tracking (“users opt-out”) or grant permission (“Asking for consent”).
Website analysis: Matomo provides all the options needed for use in accordance with the DSGVO.
Images also require strict control: check whether you have the consent of all persons who are named or shown in photos on your website. In case of doubt, make the people in the pictures unrecognizable to avoid legal risks.
Storage of IP addresses
IP addresses are also considered personal data. In most cases, however, it is necessary to store the IP addresses of accessing users at least for some time, for example if you protect your server with Fail2Ban. IP addresses also help with anti-spam measures in comments and with detecting misuse of the comment function. You can base the storage of this data on “legitimate interests” under Article 6, paragraph 1 of the DSGVO, provided that you delete the server logs, for example, every seven days, or at least anonymize the IP addresses in the archived logs. Which steps are necessary depends on the server installation. Web hosts usually offer options in their configuration interface that let you enable anonymization and set the retention period of the log archive.
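The retention rule described above, as an added example that is not part of the original article: archived access-log lines are kept verbatim while they are still needed (Fail2Ban, spam detection), and once the seven-day retention period has passed the client IP field is truncated so that it no longer identifies a single user. The log lines, the dates and the prefix lengths (24 bits for IPv4, 48 bits for IPv6) are constructed assumptions for this example, not values from the article or from any hosting panel.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines in the common Apache/nginx "combined" format
# (made up for this example; the addresses come from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.42 - - [10/May/2018:12:00:01 +0200] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '2001:db8:85a3::8a2e:370:7334 - - [10/May/2018:12:00:02 +0200] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "curl/7.58"',
    '- - - [10/May/2018:12:00:03 +0200] "GET /robots.txt HTTP/1.1" 200 20 "-" "bot"',
]

# In the combined format the client address is the first whitespace-delimited field.
_FIRST_FIELD = re.compile(r"^(\S+)")


def anonymize_ip(ip: str, v4_prefix: int = 24, v6_prefix: int = 48) -> str:
    """Zero the host part of an address so it no longer points at one user.

    The prefix lengths are an assumed policy (keep 3 of 4 IPv4 bytes, the first
    48 bits of IPv6); pick them to match what your privacy statement promises.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ip  # not an address at all (e.g. "-"); leave the field untouched
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def anonymize_log_line(line: str) -> str:
    """Replace only the leading client-IP field; the rest of the line stays verbatim."""
    match = _FIRST_FIELD.match(line)
    if not match:
        return line
    return anonymize_ip(match.group(1)) + line[match.end():]


def is_past_retention(archived: datetime, now: datetime, days: int = 7) -> bool:
    """True once an archived log is older than the retention period (7 days as in the text)."""
    return now - archived > timedelta(days=days)


def anonymize_archive(lines, archived: datetime, now: datetime, days: int = 7):
    """Keep lines unchanged within retention; anonymize the IP field once it has passed."""
    if not is_past_retention(archived, now, days):
        return list(lines)
    return [anonymize_log_line(line) for line in lines]


def demo(days_since_archive: int = 9):
    """Run the constructed sample through the retention rule with a fixed archive date."""
    archived = datetime(2018, 5, 1)
    return anonymize_archive(SAMPLE_LOG, archived, archived + timedelta(days=days_since_archive))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running the script prints the three sample lines with the IPv4 address truncated to 203.0.113.0 and the IPv6 address to 2001:db8:85a3::, while the line without a client address is left alone.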