
Author: (with the help of ChatGPT)  |   Reading time approximately: 5 min  |   last modified: 20.04.2026

Legal and GDPR

Summary of this page:

Every website must meet legal requirements, which are governed in particular by the General Data Protection Regulation (GDPR). This includes an imprint and a privacy policy. As soon as a website embeds external services (e.g., maps, website tracking tools), every user must be informed about data processing upon entering the site. These services may only be loaded after the user’s consent. Depending on functionality, additional obligations may apply.

The website operator is always responsible for compliance with these requirements. In day-to-day operation it quickly becomes difficult to continuously meet all legal requirements.

What duties do website operators have?

The legal requirements arise primarily from the GDPR. Which duties apply in detail depends on which data are processed on the website.

Important: Even if you do not actively collect data yourself, a web server technically always processes data – e.g., IP addresses in log files.

Imprint

An imprint is mandatory in any case. It contains contact details for the operator of the website. Depending on the profession, additional data may be required, e.g., information about the supervisory authority or chamber affiliation. In many cases liability insurance is also mentioned. If applicable, a data protection officer must also be named.

Privacy policy

This is also mandatory. It lists all data processed on the website and how they are used. It also contains all external services used and which data are collected and stored.

Cookie consent

Before loading content that requires consent, it must be clearly shown which data are recorded, to which services they are transmitted and which cookies are used. For such data explicit user consent is required.

This consent is provided via so-called consent tools. They enable you to give consent in a differentiated manner and to revoke it at any time. Without consent, the corresponding services may not be loaded.

Encrypted data transmission

Whenever data is transmitted over a website – for example via a contact form – it must take place over a secure internet connection. Technically this is implemented via HTTPS using an SSL/TLS certificate.

Regardless, an encrypted connection is now standard: search engines also rate it as a ranking factor.


What challenges exist in ongoing operation?

The legal requirements for running a website are complex and constantly changing. For operators, that means you must stay continuously up to date – otherwise risks quickly arise.

This leads to a variety of potential sources of error. In the worst case, these have legal consequences - from cease-and-desist notices to fines.


How is GDPR compliance implemented in practice?

Compliance with the GDPR is not a single measure but a structured process. This process arises from the interplay of legal clarification, technical implementation and ongoing control.

1. Legal clarification
Based on the content and functions of the website, it is determined which requirements apply. Which data are processed determines which measures are necessary – for example whether a consent tool is required.

2. Technical implementation
The defined requirements are concretely implemented: suitable tools are selected, correctly configured and integrated into the website.

3. Ongoing control
The implementation is not a one-time state. Changes to content, used services or the legal situation require regular checks and adjustments.

Many mistakes arise not from missing implementation but from changes to content and functions of the website made during ongoing operation.


How we can support you

Creation of imprint and privacy policy

The legal texts are created via the legal portal eRecht24. This ensures they are formally and substantively correct. The privacy policy is specifically supplemented with all passages relevant to your website.

Consent tool

All websites created with the lilac-CMS include an integrated consent tool. Users can grant consent in a differentiated way and revoke it at any time. Services without consent are automatically blocked – no data transfer takes place.

Regular checks of imprint and privacy policy

On request, we regularly check that your legal texts are up to date and update them for you.

Regular content review of your website

As a service within the lilac-CMS, we offer a regular review of content for changes that necessitate an adjustment of the privacy policy. For example, if you add a new external service for the first time to a page created with the lilac-CMS, our system detects this and enables the privacy policy to be updated accordingly.

Note: lilac-media does not create legal texts and does not provide legal advice.

Lilac-media creates websites that are legally sound from the start and stay that way.

