The new general data protection regulation (GDPR)

You’re running a webshop on the German market? Then you should have your website checked as soon as possible. The GDPR comes on 25.05.2018.

The time has already come on 25 May 2018. The new data protection regulation will become law throughout the EU on this day. In many legal areas – from employee data protection to video surveillance – the GDPR provides for considerable need for action.

But what does the GDPR mean in concrete terms?

The privacy policy:

In general, the obligation to provide information in the data protection declaration will become more extensive with the new GDPR. If you already have existing explanations, they should at least be checked, if not even restated.

We will be happy to check your data protection declaration, update it or completely rewrite it. This is specifically tailored to the specific requirements of your website.

Collection of personal data (tracking)

In future, it will generally be prohibited to collect personal data. There are some exceptions to this, but these are handled very restrictively. For example, if you use „Google Analytics“ analysis software, you should make the data collected anonymous in any case. Particular attention should be paid to the IP address of the respective user. Google Analytics allows you to make them anonymous. Furthermore, you must inform visitors about the use of Google Analytics and/or other tracking tools in the data protection declaration and point out how it works. The types of data collected in each case must be listed. The user must also be offered the possibility of an opt-out. He must thus have the opportunity to object to his tracking.

We can also help you here. We check, analyse and create instructions to make your website legally secure. If you are unable to manage your website yourself, we will be happy to put you in touch with a suitable service provider.

Cookies

At the moment it is still sufficient if you point out to the user according to § 15 Abs. 3 Telemediengesetz that you use cookies. This can be done, for example, with a cookie hint with a link to the data protection declaration.

However, a new EU e-privacy regulation is expected to come into force in 2019, replacing the current directive. It can be assumed that this new regulation will be significantly more restrictive towards entrepreneurs.

A data protection officer?

If you have a company with more than 9 employees who are permanently involved in the processing of data, you are regularly obliged to appoint a data protection officer. The same applies if you have a company with more than 20 employees. Then, however, it is independent of whether they have to do with data processing or not. Furthermore, there are many areas of application and exceptions in which you are also obliged to appoint a data protection officer (doctors, dentists, etc.). Failure to do so could result in heavy fines.

In general, we recommend that you check your website or your entire company to see if you are prepared for the new data protection regulation.

Our lawyer Stephan Hendel will help you with all questions concerning the GDPR – also in English. Simply send us an e-mail to info@gabler-hendel.de.