Every website that complies with data protection regulations must have a data protection notice. But how do you design them correctly? And what happens if they do not comply with the applicable data protection law?
Learn everything important here.
Content of privacy notices
According to Art. 13 of the GDPR, data protection notices are mandatory for every processing of personal data. If mistakes are made here, it can be expensive. Article 13 of the GDPR regulates what information must be provided for all forms of processing and thus also for your own homepage, webshop or similar.
However, many references found on websites are still obviously wrong.
Sources of errors in data protection notices
In most cases, errors in the privacy notices can simply be traced back to ignorance. The person writing the privacy notice does not know what is happening technically on the website. On the other hand, changes may be made on the technical side of which the person responsible is unaware. As an exemplary overview, here are a few sources of error:
1. use of "standard privacy notices
If the website is created by a service provider, this usually provides a standard formulation. However, these do not fit all websites, as they only reflect the standard case. Once there is a text under the "Data privacy notice" tab, however, the reformulation of these notices is quickly forgotten by most of those responsible.
2. use of a modular system
Many websites are created using a modular system. This makes it easier for users with little technical knowledge to create their own website. Here, too, the user cannot understand everything that happens technically "behind the scenes" when formulating the data protection notice. In addition, the modular system is subject to constant changes and optimizations, the inclusion of which in the data privacy notice is usually also forgotten.
3. changes to the website
The website itself is also constantly being expanded and improved. If new functions are added and new services are integrated for this purpose, the corresponding adaptation of the data protection information is usually forgotten.
4. changes in the requirements
In addition to the website, the data protection requirements also change from time to time, of course. The requirements of the supervisory authorities as well as supreme court rulings and changes in the law must also be reflected in the data protection notices.
What to do?
After so many factors that can cause errors, now the positive news: privacy-compliant privacy notices are possible!
A regular review of the website is essential here. Responsible parties as well as software developers, hosts and data protection specialists must be involved in order to cover the sources of error described above.
Do you need expert support in designing data protection notices or other data protection-related topics in compliance with data protection law? Our team of experts will be happy to help you. Contact Contact us for more information!