
Author: Winfried Flieder (with the help of ChatGPT)  |   Reading time approximately: 6 min  |   last modified: 05.06.2026

Legal Information and GDPR

How to Keep Your Website Legally Compliant and GDPR-Compliant

Every website must fulfill legal requirements as regulated by the General Data Protection Regulation (GDPR). This includes at least a legal notice (imprint) and a privacy policy. As soon as a website integrates external services (e.g., maps services, website tracking, social media plugins, newsletters), every user must be informed about data processing when they access the site.

These services may only be loaded after the user has given consent. Depending on site functionality (such as job applications, contact forms), additional obligations may arise.

The responsibility for compliance with these requirements for a legally secure website always lies with the website operator. In ongoing operation, it quickly becomes difficult to permanently meet all legal requirements and to recognize and implement legal changes in a timely manner.

What Obligations Do Website Operators Have?

Legal requirements arise mainly from the GDPR, the German Digital Services Act (Digitale-Dienste-Gesetz, DDG), and industry-specific regulations. The exact obligations depend on which data are processed on the website.

Important: Even if you do not actively collect data yourself, a web server always processes data for technical reasons – for example, IP addresses, information about the browsers used, and access times in log files.

Imprint

An imprint is mandatory in any case. It contains contact information about the website operator (e.g., name, company, address, email address) and, if applicable, further mandatory information. Depending on the profession, more details may be required, such as information about the supervisory authority or chamber affiliation. In many cases, liability insurance is also stated. If necessary, a data protection officer must also be named.

Privacy Policy

This is also mandatory. It lists all data processed on the website and how this data is used.

It also covers all external services used and what data is collected and stored in the process.

Cookie Consent

Before loading content that requires consent, users must be clearly informed about what data is collected, to which services it is transmitted, and what cookies are used. For such data, explicit user consent is required.

This consent is obtained via so-called consent tools. They allow users to give differentiated approval and to revoke it at any time. Without consent, corresponding services must not be loaded.

Encrypted Data Transmission

As soon as data is transmitted via a website – for example, via a contact form, a login to a password-protected area, or an ordering process – the transmission must take place over an encrypted connection. Technically, this is implemented using HTTPS with an SSL/TLS certificate.

Regardless, an encrypted connection is now standard: Even search engines rate it as a ranking factor for website visibility.


What Ongoing Challenges Exist?

The legal requirements for operating a website are complex and constantly changing. For operators, this means: you have to stay up to date – otherwise, risks can quickly arise.

This leads to a large number of potential sources of error. In the worst case, these can have legal consequences – from warnings to fines.


How Is GDPR Compliance Implemented In Practice?

GDPR compliance is not achieved through individual measures, but is a structured process. This process results from the interaction of legal assessment, technical implementation, and ongoing monitoring.

1. Legal Assessment
Based on the content and functions of the website, the applicable requirements are determined. The type of data being processed determines which actions are necessary – for example, whether a consent tool is required.

2. Technical Implementation
The defined requirements are concretely implemented: appropriate tools are selected, correctly configured, and integrated into the website.

3. Ongoing Monitoring
Implementation is not a one-time state. Changes to content, services used, or legal requirements necessitate regular checks and adjustments.

Many errors do not occur due to a lack of implementation, but rather due to changes made to the website’s content and functions during regular operation.


How We Support You

Creation of Imprint and Privacy Policy

The legal texts are created via the law portal eRecht24. This ensures they are both formally and substantively correct. The privacy policy is specifically supplemented with all passages relevant to your website.

Consent Tool

All websites created with lilac-CMS include an integrated consent tool. Users can grant differentiated consents and revoke them at any time. Services without consent are automatically blocked – no data transmission takes place.

Regular Review of Imprint and Privacy Policy

We regularly check that your legal texts are up to date and update them on request.

Regular Content Review of Your Website

Within lilac-CMS, we offer a service that regularly reviews your content for changes that may require an adaptation of your privacy policy. For example, if you add a new external service for the first time to a page created with lilac-CMS, our system recognizes this and enables you to adapt the privacy policy accordingly.

Note: lilac-media itself does not create legal texts and does not provide legal advice.

lilac-media creates GDPR-compliant websites that are legally secure from the outset and remain so over time.

