Get clarity with our data protection assessment of your company’s website! One of our legal specialists will check your website against all matters concerning data protection law.
Upon completion of the assessment, you will receive a comprehensive report. In the report, you’ll find amendments to your website as well as advice pertaining to the appropriateness of technologies or, for example, if consent is required.
Almost all websites process personal data in one way or another and therefore fall under the regulatory requirements of the GDPR. Whoever implements cookies, stores server logs, receives messages via contact or application forms, offers newsletter registration, or sets up tracking and analysis tools or third party technologies, must fulfil the requirements of the GDPR.
The following principles apply: The more personal data that is collected on your website, the more complex the data processing is, the more data that is transmitted to third parties (such as social networks) and the more sensitive the collected data is (such as health data), the more difficult it is to fulfil the GDPR requirements on information of data subjects as well as to implement the technical and organisational measures to protect data.
It is often a challenge to design a data protection compliant website because several points must be considered. But it is quite easy for an experienced person to find violations of the GDPR requirements on a website. The risk of grievances by data subjects is accordingly high and thereby the accompanying risk or imposed fines by a regulatory authority.
One of the most important requirements of those responsible is transparency in providing information to data subjects about the processing of their personal data and their rights as well as these processes (regarding the rights of the data subjects).
Website operators must inform website visitors about what data will be processed and the purpose. In addition, the website operator must clearly explain how website visitors can exercise their rights.
Another relevant data protection legal requirement is the legality of data processing (Art. 6 GDPR together with Art. 7 GDPR). Consent is required, if data processing is not justified by legitimate interests or contractual execution. In the case of websites, this includes cookie consent banners, in particular.
Further, a website operator must ensure the security of the data processing according to Art. 32 GDPR.
Please observe the following notes regarding the scope of services of our website assessment:
- The website assessment includes only the legal aspects of data protection, except for the imprint assessment. We will check for obvious personal data processing on the website and adapt them to the GDPR requirements. We will indicate the areas of non-compliance and how deviations from the requirements can be remedied. We will not check for legal compliance with laws other than the GDPR and if applicable, the German Federal Data Protection Act (FDPA).
- We will check your imprint against all relevant legal requirements, especially the TMG (German Telemedia Act).
- The website assessment includes a website in German or English. A website is understood to be all available content under one domain in one language (e.g. https://www.activemind.shop). If you would like to get an assessment of many websites under many domains or subdomains or in many languages please contact us so that we can prepare a customised proposal for you.
- The website assessment includes up to five analysis and tracking technologies (e.g. Google Analytics, pixel solution of social media, cookies, third party marketing plugins). If you have more than five analysis and tracking technologies, please contact us, so that we can prepare a customised proposal for you.
- The website assessment can end in the result that your website’s processing of personal data is (partially) not compliant with the GDPR. We will inform you if this is the case. Not included is our finding a solution to develop GDPR compliant data processes.
The service will be rendered typically within a maximum of 15 workdays after receipt of all necessary information. Should the work last longer, for example, due to high complexity of the website to be assessed, we will let you know immediately.