CONTENT
The 10 most important areas
Privacy policy
Legal notice
Forms
SSL certificate
Comments
Tracking and cookies
Newsletter
Social media
Scripts and external content
Order processing contracts
10 tips for a privacy compliant website!
Nina Nguyen | 18.08.2021
The EU General Data Protection Regulation (GDPR) has been in force since 25 May 2018 and serves to protect personal data. Since then, companies with a web presence have had to keep up with changes and keep checking that their collection and processing of personal data is compliant, because the requirements and information obligations have been tightened steadily since the regulation came into force. Each and every one of us has the right to determine what happens (or is not allowed to happen) to our data. With technology advancing relentlessly and new leaks, hacking attacks and data scandals appearing all the time, companies with a website need to be all the more careful about data protection.
Why? Data privacy violations are very expensive. Since May 2018, they have carried the threat of fines of up to 20 million euros or 4% of the previous year's turnover. A well-known example from the social media world is the data protection breach of the platform TikTok in the Netherlands. This incident shows that companies operating internationally need to look even more closely at whether they comply with all data protection guidelines in other countries in order to avoid heavy fines and bad publicity.
What exactly does the GDPR now mean for website owners and what requirements apply? How can you ensure that the translation of your privacy policy is legally correct? Here are our 10 tips for a data privacy-compliant website.
The requirements for the content of the privacy policy are high. Important: Any processing of personal data must be explicitly described on the website. Every visitor must be informed transparently and in detail. In addition, the privacy policy must be translated and available in all languages in which the website content is offered. The example of the social media platform TikTok shows that it is not enough to make the privacy policy available in English. TikTok is required to make its privacy policy available in the languages of the countries where the platform is permitted.
In some cases, further information is required, such as the responsible supervisory authorities, commercial, association, partnership or cooperative registers, the person responsible for the content and the VAT or business identification number.
The easiest way for visitors to get in touch with you is via a contact form. Since personal data is transmitted, this form must be in conformity with data protection regulations under all circumstances. The same principle applies to other forms, such as the newsletter, registration, login or checkout in an online shop.
Personal data may not be read, copied, changed or deleted by unauthorised persons during transmission between the computer and the server. The transmission must therefore be encrypted, e.g. with an SSL certificate ("Secure Sockets Layer"), which ensures encrypted communication between computer and server.
If you use additional plug-ins and add-ons on your website, you should check whether personal data is processed and passed on. If data is transferred, an order processing contract is again required, and the visitor must be informed in the privacy policy about the use of plug-ins/add-ons and about his/her right to object.
These contracts must be concluded with all third parties to whom personal data is disclosed in exchange for their services. The core components are the subject and duration of the agreement, the type and purpose of the processing of personal data, the rights and obligations of the principal, the obligations of the contractor, the documentation and cooperation obligations as well as technical and organisational measures.
Tip 5. Comments
If there is a comment function on your website that requires personal data to be entered (e.g. e-mail address), this comment function must be mentioned in the privacy policy. Please note that the data provided for the comments may not be used for purposes other than those described in the privacy policy. Here, too, an SSL certificate is necessary for secure transmission.
Also explain to your website visitors how their data is stored and used by linking to the privacy policy. If you want to make the data protection of your comment function even more secure, you can set the comments so that their contents are checked before publication, or replace names with abbreviations or pseudonyms.