The General Data Protection Regulation Is Approaching

Newsletters are an important part of online marketing. However, the upcoming GDPR also requires attention to some points here. You can find the most important legal regulations for commercial email distribution in this article.

Ing. Philipp Doblhofer

May 25, 2018, is the date. The DSG 2000 (Data Protection Act) will be replaced by the EU-wide GDPR (General Data Protection Regulation).1 This replaces nationally regulated data protection directives with supranational provisions. Austrian companies are thus faced with more or less extensive changes. A key point, for example, is that the previous DVR registration will no longer be applicable. All data processors are required to maintain a current Record of Processing Activities2 themselves from the end of May. This includes not only processing in web and database systems but also, for example, internal company data processing of employees, customers, and suppliers. Payroll accounting is just one of the obvious examples.

Here are some more points that could be particularly relevant for websites:

Privacy Policy

Even now, most websites feature privacy policies of varying extent. Unfortunately, these texts may be outdated due to the new regulation and will therefore need to be replaced. The minimum information required includes the contact details of the company, the purpose of personal data processing, the legal basis, the respective duration of storage, and information about the rights of the subjects. Depending on the individual case, further information may also be mandatory.3

Online Forms

The GDPR also demands data minimization, integrity, and confidentiality. This means that, upon its entry into force, all form submissions must be transmitted over an encrypted HTTPS connection. Furthermore, only those fields that are absolutely necessary for data processing may be defined as mandatory (data minimization).4
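One way to check existing forms against these two points, as an added example that is not part of the original article: the Python script below resolves each form's submit URL to see whether it is HTTPS and lists the fields marked as required so they can be reviewed for data minimization. The sample HTML and the shop.example URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SKIP_TYPES = ("submit", "button", "hidden", "reset")  # carry no user-entered data

class FormAudit(HTMLParser):
    """Collects, per <form>, the resolved submit URL and its required/optional fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL;
            # a relative action inherits the page's scheme.
            target = urljoin(self.page_url, a.get("action") or "")
            self._current = {"target": target,
                             "encrypted": urlparse(target).scheme == "https",
                             "required": [], "optional": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            if a.get("type") in SKIP_TYPES:
                return
            key = "required" if "required" in a else "optional"
            self._current[key].append(a.get("name") or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_forms(html, page_url):
    parser = FormAudit(page_url)
    parser.feed(html)
    return parser.forms

# Constructed sample page, assumed to be served from http://shop.example/contact
SAMPLE = """
<form action="https://shop.example/newsletter" method="post">
  <input type="email" name="email" required>
  <input type="text" name="birthday" required>
  <input type="submit" value="Subscribe">
</form>
<form method="post">
  <input name="name" required><textarea name="message"></textarea>
</form>
<form action="/callback"><input type="tel" name="phone" required></form>
"""

if __name__ == "__main__":
    for f in audit_forms(SAMPLE, "http://shop.example/contact"):
        status = "HTTPS" if f["encrypted"] else "NOT ENCRYPTED"
        print(f"{f['target']}: {status}; mandatory fields to justify: {f['required']}")
```

Whether a mandatory field is actually necessary for the processing purpose remains a manual decision; the script only produces the list to review.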

Social Media Integration

The new regulation also more precisely regulates the integration of social media platforms. In the future, data exchange with Facebook, Twitter & Co. can only occur after the explicit consent of the website user. A possible implementation is, for example, Shariff5. This replaces the standard buttons of social platforms with custom buttons – data exchange only takes place after active clicking by the user.

Since the GDPR necessitates significant changes for every company, it is advisable to seek comprehensive advice before it takes effect, to be optimally prepared.