GDPR - an abbreviation, which worries many web page operators at present. This is because the basic data protection regulation, which will come into force throughout the EU on 25 May, makes the online business sector more obligated than before to store and process personal data. checkdomain gives you an overview of the topic and shows you what you have to pay attention to.
Important note: We are not lawyers. The information and tips collected in this article are not legal advice. If you have concrete legal questions or problems, please contact a lawyer. In addition to this article, the checkdomain team will offer you a webinar on the GDPR together with a lawyer in the coming weeks.
With the new regulation, the European Union is reacting to the fact that data is increasingly gaining value as a raw material. The hunger for data is growing worldwide, and at the same time the collection and storage methods are becoming increasingly sophisticated. With the GDPR, the EU wants to strengthen the rights of consumers on the Internet by regulating the collection of personalised data - such as postal addresses, bank accounts, IP addresses or birthdays - by companies and public authorities throughout Europe for the first time.
From 25 May, the GDPR will replace the Federal Data Protection Act (BDSG) and other regulations that previously applied to website operators. The EU is primarily targeting large companies and public authorities rather than operators of small websites such as bloggers. Nevertheless, this group should also take care of whether its website conforms to the new data protection requirements.
Many of the regulations contained in the GDPR were already in force, but were often insufficiently taken into account, as there was hardly any risk of penalties. This will change drastically with the new regulation: website operators who continue to take data protection lightly must expect severe penalties. The maximum fine can be up to 20 million euros or up to 4 percent of the annual turnover of the entire group. By way of comparison, the BDSG provided for a maximum fine of 300,000 euros.
The GDPR offers less concrete regulations than general principles - it is therefore more of a framework on which website operators can hang around in terms of data protection. The basis for the storage and processing of personal data in the EU is the EU:
On the basis of the aforementioned principles, the GDPR also results in some very concrete changes. These include, among other things, that the principle "place of residence instead of company headquarters" will apply in future. This means that if a citizen in the EU uses an online service, the GDPR will apply even if the provider is based outside the EU. This is intended above all to strengthen the rights of users vis-Ã -vis global Internet groups such as Google or Facebook.
Also new are the right to be forgotten (personal data must be deleted if a data subject requests it) and the right to data transfer. In future, users will be able to transfer data from one company to another without having to provide new information and leave data in two places.
Documentation requirements have also been tightened up. From 25 May, companies with 250 employees or more will be required to keep a register of all data processing operations. Among other things, it must record what type of personal data is collected, how it is processed and how long it is stored. If you would like to know more about this point, this sample directory provides a first orientation.
In fact, the new regulation does not change much at first - at least for all those who have adhered to the previous data protection regulations with their website. Because in Germany comparatively strict data protection guidelines already applied. There are, however, a few points that every website operator should take into account and, if necessary, adapt during his online presence:
These are the most important points in a compact overview. Since - as already mentioned - much of the GDPR is very general, it will only become clear in the longer term what website operators will have to do or which practical solutions will be found. Nevertheless, it is recommendable to already be thoroughly occupied with the topic and to check your own website at least for the most important points.