Data protection – a topic that website operators have to deal with again and again in order to guarantee a safe website or blog for their visitors. In our article, we explain which data protection regulations apply to website operators, bloggers and niche sites. In addition, we would like to show you more tips on how you can make your blog or website more secure.
Imprint
Commercial blogs and websites are obliged to provide an imprint according to § 5 TMG (Telemedia Act), which contains information on the address and legal form of the company, among other things. This is usually nothing new for website operators. What many do not know, however, is that this imprint must be accessible from every page of the website with a maximum of two clicks. There is no clear guideline on exactly how this must be implemented. The simplest solution is currently to integrate the imprint in the footer on every page of your website. It is important that you activate this for each browser format, so that the imprint is displayed regardless of whether your blog or website is accessed from a smartphone, tablet or PC. To be on the safe side with regard to data protection law, you can also integrate the imprint in the menu bar.
In addition to the two-click rule, the path that leads to the imprint must be clearly visible. Accordingly, provisions apply as to how the link may be titled. According to the Telemedia Act, the terms “imprint” and “contact” are permitted. The word “info”, however, is not clear enough.
Data protection
Even stricter rules for accessibility and recognizability apply to the data protection declaration. According to § 13 TMG, the data protection declaration should inform the visitor about the collection and use of personal data “at the beginning of the usage process”. In order to be legally on the safe side, the data protection declaration should therefore be accessible from every page with just one click, if possible. The footer solution is suitable for this as well, just as it is for the imprint. This link should be labelled “Privacy Policy”.
Web tracking, cookies and logging of the IP address
Some CMS programs such as WordPress automatically save the IP address of visitors when they leave a comment on the website. In terms of data protection law, the logged IP address can be regarded as personal data, which makes this logging questionable. If you don’t really need this function, it is advisable to deactivate it.
However, if you want to keep logging the IP address, you have to state this in the data protection declaration. And even then, according to Section 100 TKG (Telecommunications Act), the address may only be stored for seven days.
The same applies to web tracking tools and tracking cookies. If these are used, the IP address of the visitors must be anonymized and their use must be explained in detail in the data protection declaration. In addition, the user must be offered an opt-out option with which they can prevent tracking at any time. This opt-out function is particularly common in newsletters: with one click you can unsubscribe automatically and without much effort. The opt-in function is mostly used for cookies, which the user must agree to at the beginning.
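The two handling rules above (anonymize the IP address before a tracking hit is stored, and keep a comment's IP address for no more than seven days) can be sketched as follows. This is an added example, not code from WordPress or any tracking tool; the function names, the truncation scheme (last IPv4 octet zeroed, first 48 bits of IPv6 kept) and the sample records are assumptions made for illustration.

```javascript
// Added example. Addresses and comment records are constructed sample data.
const RETENTION_MS = 7 * 24 * 60 * 60 * 1000; // seven-day limit from the article

// Truncate an address before a tracking hit is stored.
// Assumption: zero the last IPv4 octet, keep the first 48 bits of IPv6.
function anonymizeIp(ip) {
  if (typeof ip !== "string") return null;
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (v4) {
    if (v4.slice(1).some((octet) => Number(octet) > 255)) return null;
    return `${v4[1]}.${v4[2]}.${v4[3]}.0`;
  }
  const halves = ip.split("::");
  if (!ip.includes(":") || halves.length > 2) return null;
  const left = halves[0] ? halves[0].split(":") : [];
  const right = halves[1] ? halves[1].split(":") : [];
  const missing = halves.length === 2 ? 8 - left.length - right.length : 0;
  const groups = [...left, ...Array(Math.max(missing, 0)).fill("0"), ...right];
  const valid = groups.length === 8 && groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g));
  // Anything unparseable (including IPv4-mapped IPv6) is dropped, not stored.
  return valid ? groups.slice(0, 3).join(":") + "::" : null;
}

// Blank the stored address on every comment older than the retention window.
// A record with an unreadable timestamp is treated as expired.
function expireStoredIps(comments, now) {
  return comments.map((c) => {
    const age = now - Date.parse(c.time);
    return age <= RETENTION_MS ? c : { ...c, ip: null };
  });
}

// Constructed sample data (documentation address ranges).
const SAMPLE_NOW = Date.parse("2024-05-10T12:00:00Z");
const SAMPLE_COMMENTS = [
  { id: 1, time: "2024-05-09T08:00:00Z", ip: "203.0.113.77" },
  { id: 2, time: "2024-05-01T08:00:00Z", ip: "198.51.100.23" },
  { id: 3, time: "not-a-date", ip: "2001:db8:85a3::8a2e:370:7334" },
];
console.log(expireStoredIps(SAMPLE_COMMENTS, SAMPLE_NOW));
console.log(anonymizeIp("203.0.113.77"), anonymizeIp("2001:db8:85a3::8a2e:370:7334"));
```

The expiry function keeps the comment itself and only removes the address, so it can run as a daily job without affecting published content.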
If the tracking is carried out by third-party providers, a data processing contract must be concluded between the company and the provider. The minimum requirements for this contract are determined in accordance with Section 11 of the Federal Data Protection Act (Bundesdatenschutzgesetz).
Tip: A sample contract can be viewed via the Lower Saxony State Ministry. Please note, however, that it must be adjusted and legally checked.
SSL encryption
To protect your website or blog from unauthorized access, it is advisable to encrypt the entire website. With SSL encryption, the website is switched from http to https. This not only increases the protection of your website, but also that of your visitors and their personal data. In addition, SSL encryption also has a positive impact on the SEO of your website, as Google prefers SSL-encrypted websites and these rank higher than unencrypted pages.
Tip: You can find more about SEO optimization in our website SEO tips.
An additional security measure that you can use is encrypting the transfer of data and programs to the web server itself. Accordingly, you should use the encrypted variants SFTP, FTPS or scp instead of FTP when transferring to your web server.
Social media plugins
The popular social media plugins are also considered particularly critical when it comes to data protection. With a single click, visitors can reach the corresponding social media channels from the website, but this enables detailed tracking, and the visitors' data is transmitted directly to the social media services. This can be counteracted with a simple method in which the forwarding is not carried out directly, but through the so-called two-click solution from heise Verlag. Specifically, this means that inactive social media buttons are placed on your website. If the visitor wants to visit these pages, he clicks on the inactive button and is first asked whether he agrees to the data transfer to the third-party provider.
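The two-click behaviour described above, as an added sketch that is not heise Verlag's implementation: the button is rendered inactive, and the third-party script is only requested after the visitor has clicked and confirmed the data transfer. The function name, the `WIDGETS` registry and the script URL are hypothetical placeholders.

```javascript
// Added example. The provider name and script URL are placeholders.
const WIDGETS = {
  examplenet: { label: "ExampleNet", src: "https://social.example/widget.js" },
};

// Render an inactive placeholder button inside `container`.
// Nothing is requested from the third party while the button is inactive.
// `doc` is the page's document; `confirmFn` asks the visitor for consent.
function mountTwoClickButton(doc, container, key, confirmFn) {
  const widget = WIDGETS[key];
  if (!widget) throw new Error(`unknown widget: ${key}`);

  const button = doc.createElement("button");
  button.textContent = `${widget.label} (inactive, click to enable)`;
  let active = false;

  button.addEventListener("click", () => {
    if (active) return; // already enabled, do not load the script twice
    const agreed = confirmFn(
      `Enable ${widget.label}? Your data will be sent to this provider.`
    );
    if (!agreed) return; // visitor declined: button stays inactive

    // Only now is the third-party script added to the page.
    active = true;
    const script = doc.createElement("script");
    script.src = widget.src;
    script.async = true;
    container.appendChild(script);
    button.textContent = `${widget.label} enabled`;
  });

  container.appendChild(button);
  return button;
}

// In a browser, mount the button and use the built-in confirm dialog.
if (typeof document !== "undefined") {
  mountTwoClickButton(document, document.body, "examplenet", (msg) =>
    window.confirm(msg)
  );
}
```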
The Shariff solution offers another option. This method prevents the direct exchange of data between the user and the third party provider. The mediation takes place via the web server of the website or blog provider. Only when a visitor clicks a share button will they be connected to the social media platform. This method is a good way to increase data protection, especially for WordPress users, as the first corresponding plugins are already being offered.
Would you like to find out more about data protection? Then visit our category data protection.