The following checklist will help you prepare your websites to comply with the General Data Protection Regulation (GDPR).
Your website's visitors must be able to rely on their data being handled confidentially and without tampering, which requires that the transmission be encrypted. IONOS does not encrypt the path between our servers and your visitors' browsers automatically: a site served over plain HTTP has no transport security at all. Everything exchanged travels in cleartext and can be read or altered by anyone on the network path, e.g. password entries, personal data, entries in forms and fields, etc.
An important step in securing the transmission path is an SSL certificate (the protocol actually used today is TLS, but the name SSL has stuck) and serving your site over HTTPS. Many IONOS products already include a free SSL certificate, which is easy to issue and use. Using an SSL certificate has the following advantages:
- Visitors' browsers verify that the certificate was issued for your domain, so they know they are connected to the genuine site and not to an impostor
- Data in transit is encrypted, so it can neither be read nor altered on the way between browser and server
- HTTPS is a ranking signal for Google, and browsers only negotiate the faster HTTP/2 protocol over TLS, so pages can load more quickly
The General Data Protection Regulation (GDPR) makes certain things mandatory that were previously voluntary (Article 5(1)(f) and Article 32 GDPR):
- Personal data must be processed in a way that ensures appropriate security of the personal data
- Personal data must be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage by means of appropriate technical and organizational measures
Therefore, IONOS generally recommends the use of SSL certificates for websites and the operation of online shops, etc.
The article Set Up an SSL Certificate Managed by IONOS provides step-by-step instructions on how to set up an SSL certificate managed by IONOS.
The GDPR contains new requirements for the privacy policy (data protection declaration), which is mandatory on every website that processes personal data.
The following contents are recommended:
- The purpose of the data processing
- The name and contact details of the controller and, if one has been appointed, of the data protection officer
- The legal basis for the data processing
- The recipients of the data
- The data retention periods
- Whether data will be passed on to third parties
- The data subject's rights, e.g. the right of access and the right to erasure
- The right to lodge a complaint with a data protection supervisory authority
- A reference to the use of Google Analytics, if you use it
Google Analytics: What to Consider
Do you use Google Analytics to track your website? Then read the following points:
- You must state that you use Google Analytics!
- You must offer an opt-out option. Do you use WordPress? Use a plugin (e.g. Google Analytics Opt-Out). You can also find an option for this directly in the Google Analytics plugin under Tracking Code. Then place the opt-out link in a sensible place in your privacy policy.
- You must conclude a data processing agreement with Google. You can conclude this agreement directly in your Google Analytics account (Account settings > scroll down > show addendum. Then agree and save). Or, quite classically, by post: You can find the template here.
- Anonymize the IP addresses that Google Analytics records. We give you three tips: Do you use the tracking code directly? Insert the function
- Adjust the retention period: You can now choose between different periods to determine how long user and event data is stored on Analytics servers. The settings take effect as of May 25, 2018. You can make these settings directly in your Google Analytics account.
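As an added example that is not part of the original article (and not Google's or IONOS's code), the following JavaScript shows the two mechanisms the points above rely on when you embed the analytics.js tracking code yourself: the `ga-disable-<property ID>` flag that analytics.js checks before sending any hit, backed by a cookie so the opt-out survives page loads, and the `anonymizeIp` setting, which has to be issued before the first `send`. `UA-XXXXXXXX-Y` is a placeholder property ID; the function names and the explicit `scope`/`writeCookie` parameters (standing in for `window` and `document.cookie`) are this example's own, so that it can be run outside a browser.

```javascript
// Added example, not code from IONOS or Google. Placeholder property ID:
// replace with your own (e.g. UA-12345678-1).
const GA_PROPERTY_ID = 'UA-XXXXXXXX-Y';

// analytics.js looks up window['ga-disable-<PROPERTY_ID>'] before every hit
// and sends nothing while it is true. The same name is reused for the cookie
// that persists the visitor's choice across page loads.
const DISABLE_KEY = 'ga-disable-' + GA_PROPERTY_ID;

// True if the cookie string (document.cookie in a browser) already carries the
// opt-out. Each cookie is compared whole, so "...=false" does not match.
function hasOptOutCookie(cookieString) {
  return cookieString
    .split(';')
    .map((c) => c.trim())
    .some((c) => c === DISABLE_KEY + '=true');
}

// Cookie value that records the opt-out: far-future expiry so the choice is not
// lost, Secure because the site is served over HTTPS, SameSite=Lax by default.
function optOutCookieValue() {
  return DISABLE_KEY + '=true; expires=Thu, 31 Dec 2099 23:59:59 GMT; path=/; Secure; SameSite=Lax';
}

// Handler for the opt-out link in the privacy policy. `scope` stands in for
// window and `writeCookie` for assigning document.cookie.
function gaOptout(scope, writeCookie) {
  scope[DISABLE_KEY] = true;
  writeCookie(optOutCookieValue());
  return scope[DISABLE_KEY];
}

// Builds the ga() command queue for a page load. The disable flag is set from
// the cookie before analytics.js could send anything, and 'anonymizeIp' is
// set after 'create' but before the first 'send': a pageview sent earlier
// would still carry the visitor's full IP address.
function trackerCommands(scope, cookieString) {
  if (hasOptOutCookie(cookieString)) {
    scope[DISABLE_KEY] = true;
  }
  if (scope[DISABLE_KEY] === true) {
    return []; // visitor opted out: queue nothing at all
  }
  return [
    ['create', GA_PROPERTY_ID, 'auto'],
    ['set', 'anonymizeIp', true],
    ['send', 'pageview'],
  ];
}

// In the browser (not run here):
//   trackerCommands(window, document.cookie).forEach((cmd) => ga(...cmd));
//   <a href="#" onclick="gaOptout(window, v => document.cookie = v); return false;">
//     Disable Google Analytics</a>
```

The important ordering detail is that both the disable flag and `anonymizeIp` are in place before the first hit leaves the browser; an opt-out link that only sets the cookie, without also setting the `ga-disable-...` flag on `window`, leaves the current page view untracked only after the next load.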
Comment Function: Add Note for Data Storage
The transmission and entry of data into comment fields or contact forms is also regulated: visitors to your website must be informed in advance and must explicitly consent.
Do you use WordPress? Use the wpDiscuz plugin and extend your comment function with a consent checkbox, implemented as a custom field.
Domain registration data
The General Data Protection Regulation (GDPR) simplifies the requirements for domain contact data: now only the owner data (Reg-C) is required.
The Admin-C and Tech-C entries are no longer mandatory, and we will no longer transmit this information to the registry.
You can delete any domain contact data for Admin-C and Tech-C by providing updated owner data. Please note that any stored telephone and/or fax numbers will also be overwritten.
- Click on Domains and select the domain with the contact details you want to delete
- Select Privacy & Contact Details from the Actions menu (gear icon)
- Click on Edit
Important: The Admin-C data for the top-level domains .de, .at, .eu and .be will be deleted from their databases by the respective registries on May 25th 2018.
Temporarily taking your website offline
If you are not sure whether your website complies with the GDPR guidelines, you can temporarily take it offline at any time until you have made the necessary changes. Instructions for your product can be found here:
- MyWebsite Creator (current version, ordered after 06/09/2017)
- MyWebsite Creator (previous version, ordered before 09/06/2017) and Website Builder
- Web Hosting
- IONOS Online Store (Version "Now") and IONOS Online Store (Version "Base"). You will find the version of your IONOS Online Store in your shop administration as a footer in the help section (e.g. "Version: X.XX.XX - ePages Base" or "Version: X.XX - ePages Now")