Uniting the GDPR and the e-Privacy Directive smoothly.
The importance of legal requirements for a website should not be underestimated. After all, a website must not only be technically flawless, but also meet all legal requirements. But what exactly are the legal requirements for a website and how can they be implemented automatically?
The legal requirements for a website are very diverse. For example, it must be ensured that personal data is only collected, stored and processed with the consent of the persons concerned. The terms of use of a website must also be legally sound.
So the GDPR and the E-Privacy Directive are constantly presenting companies with new challenges with two central questions:.
- How can I, as a website operator, keep a fast-moving, almost daily changing element like a website
- comprehensively,
- legally correct
- and always up-to-date?
- How can I, as the person responsible, ensure smooth interaction between marketing managers, lawyers, data protection officers and website administrators?
As you can see, the different interests involved mean that there is a great need for coordination. The numerous implementation measures for the General Data Protection Regulation (GDPR) in 2017/2018 are still a significant topic when it comes to fulfilling the information requirements on a website.
Data protection on your website is an “entry ticket” for authorities & competitors.
Your website and, of course, your online store are your business card to the outside world, with which you directly and/or indirectly demonstrate the importance you attach to handling your users’ data (data protection compliance). Authorities, warning lawyers and competitors use this public “entry portal” to issue warnings or to keep you busy, for example, with requests for information.
This results in two motivational reasons to ensure that your website is legally compliant:.
- avoid warnings and fines
- strengthen the reputation of your company
The exact legal requirements for a website depend on various factors, such as the location of the website or the country in which the website is offered.
In Germany, for example, the following legal requirements apply to a website:.
The side-notice obligation
Every website offered in Germany must contain a clear side-notice. This side-notice must contain the following information: the name and address of the operator of the website, the operator’s contact details, the operator’s VAT ID, and whether the operator is a commercial or private operator.
The Privacy Policy
Every website that collects personal data must contain a privacy policy. Among other things, this privacy statement must clearly and understandably explain what personal data is collected, for what purpose this data is collected and to whom this data is disclosed.
And then you still have to deal with all those cookies.
With a Consent Management System, you need to provide a unified interface for managing user consents. This allows you, as a website operator, to manage and monitor user consents. In addition, a consent management system should automate the collection of user consents and provide a cookie statement and cookie table to ensure that your users are properly informed.
How can you ensure that your privacy policy and cookie table are always up to date?
Your privacy policy should be clearly written and contain all relevant information so that users know how their data is protected. There are several ways to implement your legal requirements on your website.
Your static, manually created privacy policy at date x.
One option is to hire a lawyer or other knowledgeable person to manually review and, if necessary, adjust the legal requirements for the website.
In doing so, the following questions always come up:
- What specific tools (such as tracking tools) are running on a website?
- What cookies are set for website visitors?
For lawyers and data protection consultants, it is usually not easy to answer these questions without extensive questioning and technical input from outside (e.g. from the web agency) or with the help of small technical helpers. Once the complete knowledge about the website is collected, the privacy policy is more or less up to date at the time of creation and in some cases probably complete.
New tool - new happiness?
What is complete today may already not correspond to the current status quo tomorrow. Why? For example, the marketing team launches an online campaign with a new tool and in the heat of the moment, it is not always remembered to inform the legal department or the person responsible for data protection about changes made to the website. In addition, the person responsible for the content of the privacy policy is often not the one who updates it on the website. Therefore, an adjustment of the data protection statement to the actual circumstances is not carried out or mostly only very belatedly.
This raises the big question for you as the person responsible for the website: how can you ensure that the required data protection conformity is always up to date - automatically - and without a lot of effort?
With the help of the fully automated Consent Management Platform (Saas) WebCare from DataReporter.
Your dynamic, automated privacy policy.
To ensure that your website meets all legal requirements, it is best to implement these requirements in an automated way. The technology company DataReporter, has developed a fully automated and legally compliant Consent Management solution for a legally compliant web presence that meets all compliance requirements of the General Data Protection Regulation (GDPR), the ePrivacy Directive (ePrivacy Directive) and standards beyond. WebCare is a 360° solution with which you cover a closed loop between Consent Banner, Privacy Policy, Legal Notice and Tag Manager.
Technical solution and legal expertise in combination - does it work?
Yes it works. The basis of the solution is a new and unique technology that was developed specifically for these requirements - in combination with legal “manpower” that ensures legal compliance even with daily technical innovations and changing legal situations.
For this purpose, a new multi-part analysis method was developed to cover the entire website. In addition to the classic elements, "Swarm Crawling " (also known as crowd crawling) provides a comprehensive overview of the technical conditions of a website. In this process, the website is analyzed by its visitors - legally compliant, anonymized and only after their consent.
Thanks to this crawling approach, all the disadvantages of conventional approaches are eliminated. The entire website is captured - without additional resources or burden on the website and its performance. The further development of this technology contributes significantly to the fact that the highest technical standard is always offered to the users.
Magic or what is really happening in the background?
The cookies on your website are automatically analyzed, categorized and blocked. Based on the determined data, all technical modules used (plugins, tools, …) are detected and automatically played out in the individual privacy statement.
The comprehensive privacy compliance database already contains more than 16,000 categorized cookies, over 700 privacy-relevant modules (described plugins, tools, …) and well over 500 manufacturers worldwide. It is the source for your privacy statement. As mentioned above, the descriptions for the modules are created and constantly expanded by lawyers, they are periodically legally reviewed and revised so that the privacy statement is always up to date. Without manual intervention on your part.
The imprint is also generated fully automatically. Tools such as Google Analytics are integrated into the website fully automatically and in compliance with data protection regulations using a tag manager.
Conclusion: Your all-round-carefree package
With WebCare, you have a fully automated “all-round carefree package” to ensure that your website is legally compliant. Once set up, the entire consent management runs fully automated. Even privacy policy and imprint can be delivered and automatically adjusted according to legal requirements thanks to WebCare’s legal know-how.
WebCare offers you a strong quartet from one source and thus covers all data protection issues of your website.
Avoid penalties and warnings
The best way to avoid penalties related to data protection and cookies is to follow all relevant laws and regulations. This means designing and operating your website to comply with applicable privacy and cookie laws. By using such a technical solution as WebCare, you are able to automate your data protection processes, increase your data protection compliance and protect yourself from risks.
Security through automated legal & technical updates.
Due to the constant updates of WebCare’s privacy compliance database, to the applicable data protection regulations and on the other hand due to its high scalability, you are well secured. By using WebCare, you can operate in the entire European market and meet all requirements at EU level. You benefit from innovative and intelligent technologies, a high degree of automation as well as legal know-how.
About the author:
Mag. jur. Robert Reitmann (CEO & Chief Legal Officer, DataReporter GmbH)
Robert Reitmann is a lawyer and IT expert. Since his studies he has been dealing with the combination of IT and law and has already worked in this field for many renowned industrial companies. As a founding member of DataReporter GmbH, it is his concern to implement automation also in the legal area, especially in data protection. As Legal Tech, he is the direct contact person for customers and partners and is responsible for the further development of DataReporter’s software solutions, under constantly changing legal conditions.
Contact:
DataReporter GmbH
Zeileisstr. 6
4600 Wels, Austria
Phone: +43 7242 677 00 20
E-Mail: we.love@datareporter.eu