{"id":3241,"date":"2025-03-08T10:39:38","date_gmt":"2025-03-08T09:39:38","guid":{"rendered":"https:\/\/trackboxx.com\/?p=3241"},"modified":"2025-03-17T16:30:26","modified_gmt":"2025-03-17T15:30:26","slug":"operate-website-dsgvo-compliant","status":"publish","type":"post","link":"https:\/\/trackboxx.com\/en\/website-dsgvo-konform-betreiben\/","title":{"rendered":"Operating a GDPR-compliant website: how to succeed"},"content":{"rendered":"<p>The General Data Protection Regulation (GDPR) places high demands on the protection of personal data on the internet. But what does this mean in concrete terms for website operators? In this article, you will find out what steps you need to take to make your website GDPR-compliant and avoid legal risks.<\/p>\n\n\n\n<div class=\"wp-block-stackable-icon-box stk-block-icon-box stk-block stk-40b050d stk-block-background\" data-v=\"2\" data-block-id=\"40b050d\"><style>.stk-40b050d {border-top-left-radius:1px !important;border-top-right-radius:1px !important;border-bottom-right-radius:1px !important;border-bottom-left-radius:1px !important;overflow:hidden !important;box-shadow:none !important;border-style:solid !important;border-color:#cecece !important;}<\/style><div class=\"stk-block-content stk-inner-blocks stk-block-icon-box__content stk-container stk-40b050d-container stk--no-background stk--no-padding\">\n<div class=\"wp-block-stackable-icon-label stk-block-icon-label stk-block stk-83d1557\" data-block-id=\"83d1557\"><style>.stk-83d1557 {margin-bottom:0px !important;}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content\">\n<div class=\"wp-block-stackable-icon stk-block-icon has-text-align-left stk-block stk-b08ea4a\" data-block-id=\"b08ea4a\"><style>.stk-b08ea4a .stk--svg-wrapper .stk--inner-svg svg:last-child, .stk-b08ea4a .stk--svg-wrapper .stk--inner-svg svg:last-child :is(g, path, rect, polygon, ellipse){fill:#eb267d !important;}<\/style><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg 
style=\"height:0;width:0\"><defs><lineargradient id=\"linear-gradient-b08ea4a\" x1=\"0\" x2=\"100%\" y1=\"0\" y2=\"0\"><stop offset=\"0%\" style=\"stop-opacity:1;stop-color:var(--linear-gradient-b-08-ea-4-a-color-1)\"><\/stop><stop offset=\"100%\" style=\"stop-opacity:1;stop-color:var(--linear-gradient-b-08-ea-4-a-color-2)\"><\/stop><\/lineargradient><\/defs><\/svg><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 512 512\" aria-hidden=\"true\" width=\"32\" height=\"32\"><path d=\"M256 512A256 256 0 1 0 256 0a256 256 0 1 0 0 512zM216 336h24V272H216c-13.3 0-24-10.7-24-24s10.7-24 24-24h48c13.3 0 24 10.7 24 24v88h8c13.3 0 24 10.7 24 24s-10.7 24-24 24H216c-13.3 0-24-10.7-24-24s10.7-24 24-24zm40-208a32 32 0 1 1 0 64 32 32 0 1 1 0-64z\"><\/path><\/svg><\/div><\/span><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-f2ecf02\" id=\"wer-muss-sich-an-die-dsgvo-halten-gibt-es-ausnahmen\" data-block-id=\"f2ecf02\"><h5 class=\"stk-block-heading__text\">Who must comply with the GDPR? Are there exceptions?<\/h5><\/div>\n<\/div><\/div>\n\n\n\n<p>The GDPR applies to all website operators that process the personal data* of EU citizens - regardless of the location of the company. This includes blogs, online shops, company websites and forums. There are exceptions for purely private or family websites without a commercial purpose. However, anyone who operates a website that is publicly accessible or uses third-party services must generally comply with the GDPR requirements.<\/p>\n\n\n\n<p><strong>*Personal data<\/strong> is all information that relates to an identified or identifiable person. This includes obvious data such as name, address or email address, but also indirect characteristics such as IP addresses, location data or user behaviour on websites. The decisive factor is that the information can directly or indirectly identify a person.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. 
Privacy policy: mandatory on every website<\/strong><\/h2>\n\n\n\n<p>Every website that processes personal data requires a privacy policy. This must be easily accessible (e.g. via a link in the footer) and contain certain information - including, in particular, answers to the following questions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What data is collected?<\/li>\n\n\n\n<li>What is the purpose of the processing?<\/li>\n\n\n\n<li>What is the legal basis for this?<\/li>\n\n\n\n<li>How long will the data be stored?<\/li>\n\n\n\n<li>What rights do users have in relation to their data?<\/li>\n\n\n\n<li>Who is responsible for data processing?<\/li>\n<\/ul>\n\n\n\n<p>A GDPR-compliant privacy policy generator can help you to create a legally compliant text.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Cookie banner: obtain consent correctly<\/strong><\/h2>\n\n\n\n<p>Tracking technologies such as cookies may not be used without the user's consent. The following points are important:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Opt-in procedure<\/strong>: Cookies may only be set after active consent.<\/li>\n\n\n\n<li><strong>Real choice<\/strong>: Users must be able to reject cookies without suffering any disadvantages.<\/li>\n\n\n\n<li><strong>Detailed information<\/strong>: Which cookies are set and for what purpose?<\/li>\n\n\n\n<li><strong>Subsequent change<\/strong>: Users should be able to adjust their cookie settings at any time.<\/li>\n<\/ul>\n\n\n\n<p>Cookie consent tools such as Borlabs Cookie or Cookiebot are recommended. 
Tip: We have written a separate article in which we explain how you can <a href=\"https:\/\/trackboxx.com\/en\/gdpr-compliant-design-of-consent-banners\/\" data-type=\"link\" data-id=\"https:\/\/trackboxx.com\/dsgvo-konforme-gestaltung-von-consent-bannern\/\">design a GDPR-compliant consent banner<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-stackable-call-to-action stk-block-call-to-action stk-block stk-9da87ca is-style-default\" data-v=\"2\" data-block-id=\"9da87ca\"><div class=\"stk-block-call-to-action__content stk-content-align stk-9da87ca-column stk-container stk-9da87ca-container stk-hover-parent\"><div class=\"has-text-align-center stk-block-content stk-inner-blocks stk-9da87ca-inner-blocks\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-a31a9f8\" id=\"webanalyse-ohne-cookies-moglich\" data-block-id=\"a31a9f8\"><h3 class=\"stk-block-heading__text\">Web analysis possible without cookies<\/h3><\/div>\n\n\n\n<div class=\"wp-block-stackable-text stk-block-text stk-block stk-06835b4\" data-block-id=\"06835b4\"><p class=\"stk-block-text__text\">Even if <strong>no cookies are set<\/strong> but a different technology is used for tracking, a <strong>consent requirement<\/strong> may still exist. The GDPR protects all <strong>personal data<\/strong>, regardless of the technology used to collect it.<\/p><\/div>\n\n\n\n<p>Your advantage with Trackboxx: <a href=\"https:\/\/trackboxx.com\/en\/\" data-type=\"link\" data-id=\"https:\/\/trackboxx.com\">Our tracking tool<\/a> provides you with <strong>all important information about your website visitors, but does not use cookies and does not collect or process any personal data<\/strong>. 
Because you don't have to display a consent banner with opt-in for the time being, there are fewer tracking gaps.<\/p>\n\n\n\n<div class=\"wp-block-stackable-button-group stk-block-button-group stk-block stk-29dbbf2\" data-block-id=\"29dbbf2\"><style>.stk-29dbbf2 .stk-button-group{flex-direction:row !important;}@media screen and (max-width: 1023px){.stk-29dbbf2 .stk-button-group{flex-direction:row !important;}}@media screen and (max-width: 767px){.stk-29dbbf2 .stk-button-group{flex-direction:row !important;}}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content stk-button-group\">\n<div class=\"wp-block-stackable-button stk-block-button stk-block stk-14c83c0\" data-block-id=\"14c83c0\"><style>.stk-14c83c0 , .stk-14c83c0 .stk-button{width:100% !important;}.stk-14c83c0 {flex:1 0 var(--stk-button-group-flex-wrap, 0) !important;}.stk-14c83c0 .stk-button{padding-right:40px !important;padding-left:40px !important;background:linear-gradient(135deg,rgb(226,1,119) 0%,rgb(0,92,174) 100%) !important;border-top-left-radius:50px !important;border-top-right-radius:50px !important;border-bottom-right-radius:50px !important;border-bottom-left-radius:50px !important;}.stk-14c83c0 .stk-button__inner-text{color:#ffffff !important;}<\/style><a class=\"stk-link stk-button stk--hover-effect-darken\" href=\"\/en\/helpcenter\/30-day-free-trial\/\"><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 512 512\" aria-hidden=\"true\" width=\"32\" height=\"32\"><path d=\"M352 256c0 22.2-1.2 43.6-3.3 64H163.3c-2.2-20.4-3.3-41.8-3.3-64s1.2-43.6 3.3-64H348.7c2.2 20.4 3.3 41.8 3.3 64zm28.8-64H503.9c5.3 20.5 8.1 41.9 8.1 64s-2.8 43.5-8.1 64H380.8c2.1-20.6 3.2-42 3.2-64s-1.1-43.4-3.2-64zm112.6-32H376.7c-10-63.9-29.8-117.4-55.3-151.6c78.3 20.7 142 77.5 171.9 151.6zm-149.1 0H167.7c6.1-36.4 15.5-68.6 27-94.7c10.5-23.6 22.2-40.7 33.5-51.5C239.4 3.2 248.7 0 256 0s16.6 3.2 27.8 13.8c11.3 10.8 23 27.9 33.5 51.5c11.6 26 20.9 
58.2 27 94.7zm-209 0H18.6C48.6 85.9 112.2 29.1 190.6 8.4C165.1 42.6 145.3 96.1 135.3 160zM8.1 192H131.2c-2.1 20.6-3.2 42-3.2 64s1.1 43.4 3.2 64H8.1C2.8 299.5 0 278.1 0 256s2.8-43.5 8.1-64zM194.7 446.6c-11.6-26-20.9-58.2-27-94.6H344.3c-6.1 36.4-15.5 68.6-27 94.6c-10.5 23.6-22.2 40.7-33.5 51.5C272.6 508.8 263.3 512 256 512s-16.6-3.2-27.8-13.8c-11.3-10.8-23-27.9-33.5-51.5zM135.3 352c10 63.9 29.8 117.4 55.3 151.6C112.2 482.9 48.6 426.1 18.6 352H135.3zm358.1 0c-30 74.1-93.6 130.9-171.9 151.6c25.5-34.2 45.2-87.7 55.3-151.6H493.4z\"><\/path><\/svg><\/div><\/span><span class=\"has-text-color stk-button__inner-text\">Test now for 30 days without obligation<\/span><\/a><\/div>\n<\/div><\/div>\n<\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. SSL encryption: mandatory for secure data transmission<\/strong><\/h2>\n\n\n\n<p>SSL encryption (recognisable by \"https:\/\/\" in the URL) is mandatory if personal data is transmitted via your website (<a href=\"https:\/\/trackboxx.com\/en\/contact-forms-consent-is-required\/\" data-type=\"post\" data-id=\"1942\">e.g. via contact forms<\/a>). Without SSL, there is a risk of warnings and a loss of trust among visitors.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Make contact forms GDPR-compliant<\/strong><\/h2>\n\n\n\n<p>If you use contact forms on your website, please note the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data minimisation<\/strong>: Request only the necessary fields.<\/li>\n\n\n\n<li><strong>Purpose limitation<\/strong>: Inform users why their data is collected in the form.<\/li>\n\n\n\n<li><strong>Obtain consent<\/strong>: Use a checkbox to obtain consent to data processing, with a reference to the privacy policy.<\/li>\n\n\n\n<li><strong>Set storage periods<\/strong>: You may not store the data indefinitely.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. 
Integrate third-party services in compliance with the GDPR<\/strong><\/h2>\n\n\n\n<p>Many websites use external services such as Google Analytics, Facebook Pixel or YouTube videos. To make these GDPR-compliant:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Google Analytics<\/strong>: Anonymise IP addresses, conclude an order processing contract, provide an opt-in solution for users.<\/li>\n\n\n\n<li><strong>YouTube, Google Fonts, social media plugins<\/strong>: Only load with prior consent.<\/li>\n\n\n\n<li><strong>Use alternatives<\/strong>: E.g. Matomo instead of Google Analytics or locally embedded fonts instead of Google Fonts.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. Conclude an order processing contract (AVV)<\/strong><\/h2>\n\n\n\n<p>If you use external service providers for web hosting, newsletters or tracking, you will need an <strong>order processing contract (AVV)<\/strong>. This regulates how the service providers handle personal data. Many providers (e.g. Mailchimp, Google) make these contracts available online. We do too, by the way.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>7. Maintain a register of processing activities<\/strong><\/h2>\n\n\n\n<p>Companies and independent website operators are obliged to keep a <strong>register of processing activities<\/strong>. This documents which personal data is processed, for what purpose and how it is protected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Conclusion: GDPR compliance is mandatory<\/strong><\/h2>\n\n\n\n<p>The GDPR places clear requirements on website operators. A privacy policy, a correct cookie banner, SSL encryption and a conscious selection of third-party services are essential. Those who adhere to these requirements will avoid warnings and ensure greater trust among visitors.<\/p>\n\n\n\n<p>Check your website regularly for data protection updates and adapt it accordingly. 
This way you are on the safe side!<\/p>\n\n\n\n<div class=\"wp-block-stackable-icon-box stk-block-icon-box stk-block stk-30e0ea4 stk-block-background\" data-v=\"2\" data-block-id=\"30e0ea4\"><style>.stk-30e0ea4 {border-top-left-radius:1px !important;border-top-right-radius:1px !important;border-bottom-right-radius:1px !important;border-bottom-left-radius:1px !important;overflow:hidden !important;box-shadow:none !important;border-style:solid !important;border-color:#cecece !important;}<\/style><div class=\"stk-block-content stk-inner-blocks stk-block-icon-box__content stk-container stk-30e0ea4-container stk--no-background stk--no-padding\">\n<div class=\"wp-block-stackable-icon-label stk-block-icon-label stk-block stk-0a3ce1d\" data-block-id=\"0a3ce1d\"><style>.stk-0a3ce1d {margin-bottom:0px !important;}<\/style><div class=\"stk-row stk-inner-blocks stk-block-content\">\n<div class=\"wp-block-stackable-icon stk-block-icon has-text-align-left stk-block stk-8b4e7c8\" data-block-id=\"8b4e7c8\"><style>.stk-8b4e7c8 .stk--svg-wrapper .stk--inner-svg svg:last-child, .stk-8b4e7c8 .stk--svg-wrapper .stk--inner-svg svg:last-child :is(g, path, rect, polygon, ellipse){fill:#eb267d !important;}<\/style><span class=\"stk--svg-wrapper\"><div class=\"stk--inner-svg\"><svg style=\"height:0;width:0\"><defs><lineargradient id=\"linear-gradient-8b4e7c8\" x1=\"0\" x2=\"100%\" y1=\"0\" y2=\"0\"><stop offset=\"0%\" style=\"stop-opacity:1;stop-color:var(--linear-gradient-8-b-4-e-7-c-8-color-1)\"><\/stop><stop offset=\"100%\" style=\"stop-opacity:1;stop-color:var(--linear-gradient-8-b-4-e-7-c-8-color-2)\"><\/stop><\/lineargradient><\/defs><\/svg><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewbox=\"0 0 512 512\" aria-hidden=\"true\" width=\"32\" height=\"32\"><path d=\"M256 512A256 256 0 1 0 256 0a256 256 0 1 0 0 512zM216 336h24V272H216c-13.3 0-24-10.7-24-24s10.7-24 24-24h48c13.3 0 24 10.7 24 24v88h8c13.3 0 24 10.7 24 24s-10.7 24-24 24H216c-13.3 0-24-10.7-24-24s10.7-24 24-24zm40-208a32 32 
0 1 1 0 64 32 32 0 1 1 0-64z\"><\/path><\/svg><\/div><\/span><\/div>\n\n\n\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-b3d0742\" id=\"dsgvo-im-fokus\" data-block-id=\"b3d0742\"><h5 class=\"stk-block-heading__text\">Focus on GDPR<\/h5><\/div>\n<\/div><\/div>\n\n\n\n<p>The General Data Protection Regulation (GDPR) was adopted by the European Union in 2016 and has been binding since 25 May 2018. The aim is to strengthen the protection of personal data and create standardised regulations within the EU. The GDPR not only affects websites, but also companies, authorities, associations and the healthcare sector. You can find detailed legal texts and up-to-date information on the official <a href=\"https:\/\/europa.eu\/youreurope\/business\/dealing-with-customers\/data-protection\/data-protection-gdpr\/index_de.htm\" data-type=\"link\" data-id=\"https:\/\/europa.eu\/youreurope\/business\/dealing-with-customers\/data-protection\/data-protection-gdpr\/index_de.htm\" rel=\"nofollow noopener\" target=\"_blank\">website of the EU Commission<\/a> or with national data protection authorities such as the <a href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/Broschueren\/INFO1.html\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/Broschueren\/INFO1.html\" rel=\"noreferrer noopener nofollow\">Federal Commissioner for Data Protection (BfDI)<\/a>.<\/p>\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) places high demands on the protection of personal data on the internet. But what does this mean in concrete terms for website operators? In this article, you will find out what steps you need to take to make your website GDPR-compliant and avoid legal risks. Who must comply with the GDPR? Are there exceptions? 
The GDPR applies to all [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3245,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,67],"tags":[],"class_list":["post-3241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogboxx","category-datenschutz"],"acf":[],"_links":{"self":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts\/3241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/comments?post=3241"}],"version-history":[{"count":0,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts\/3241\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/media\/3245"}],"wp:attachment":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/media?parent=3241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/categories?post=3241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/tags?post=3241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}