Order your GDPR Compliant Package here for € 75.00
Our GDPR and legal compliance pack includes the following:
- Website terms and conditions
- Data processing agreement (controller-processor)
- Consultancy agreement (standard)
- Commission agreement (optional)
- Non-solicitation agreement (optional)
- Non-disclosure agreement (optional)
- Assignment of intellectual property rights (optional)
- Email disclaimer
Additionally, we check your compliance regarding Google services such as Maps, reCAPTCHA, email forms and general cookie settings.
Further Reading and Explanation of GDPR
GDPR - General Data Protection Regulation
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
The Dutch Data Protection Authority (AP) imposed a fine of €525,000 on a non-EU website provider for failing to appoint an EU representative under Art. 27 GDPR. In addition, the website provider was required to pay a further €20,000 for each two-week period in which it failed to appoint an EU representative (up to a maximum of €120,000).
Violations of the GDPR are not always easy to detect. For example, if your website uses Google Fonts, the fonts are usually downloaded from a server in the US, for which Google needs your IP address to determine where you are.
Earlier this month, a German court fined an unidentified website €100 ($110, £84) for violating EU privacy law by importing a Google-hosted web font.
The decision, by Landgericht München’s third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff’s IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe’s General Data Protection Regulation (GDPR).
That is to say, when the plaintiff visited the website, the page made the user’s browser fetch a font from Google Fonts to use for some text, and this disclosed the netizen’s IP address to the US internet giant. This kind of hot-linking is normal with Google Fonts; the issue here is that the visitor apparently didn’t give permission for their IP address to be shared. The website could have avoided this drama by self-hosting the font, if possible.
The German court ruling echoes two other recent decisions, one earlier in January by Austria’s data protection authority that found the use of Google Analytics violated the law, and one in December last year when a different German court found that a Danish consent manager’s CookieBot program shared European IP addresses with US-based Akamai in violation of EU data laws.
These data privacy judgments complicate how websites and applications can integrate remotely hosted content or services: if personal data gets transferred, doing so requires either a legitimate purpose or lawful consent.
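A static check for the embeds discussed above (Google-hosted fonts, reCAPTCHA, Maps), added here as an example and not part of the original page: it lists the tags and stylesheet rules in a page's HTML that would make a visitor's browser contact those Google hosts. The host list, the function names and the sample page are assumptions constructed for illustration, and resources injected at runtime by scripts or plugins are not visible to a static scan.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# (host, path prefix, label): an assumed, non-exhaustive list for this example.
SERVICES = [
    ("fonts.googleapis.com", "/", "Google Fonts stylesheet"),
    ("fonts.gstatic.com", "/", "Google Fonts font file"),
    ("www.google.com", "/recaptcha/", "Google reCAPTCHA"),
    ("maps.googleapis.com", "/", "Google Maps API"),
]
LOADING_TAGS = {"link", "script", "img", "iframe"}  # tags that fetch on page load
# URLs inside CSS: @import "...", @import url(...), and url(...) in @font-face.
CSS_URL = re.compile(r"""(?:@import\s+(?:url\(\s*)?|url\(\s*)["']?([^"')\s]+)""", re.I)
# Constructed sample page: three remote Google loads and one self-hosted font.
SAMPLE = """<link href="//fonts.googleapis.com/css2?family=Roboto" rel="stylesheet">
<style>@font-face { src: url('https://fonts.gstatic.com/s/x.woff2') }</style>
<script src="https://www.google.com/recaptcha/api.js"></script>
<link href="/assets/fonts/roboto.css" rel="stylesheet">"""

def classify(url):
    """Return the service label for a URL, or None if it is not listed."""
    parts = urlparse(url.strip())  # also parses protocol-relative //host/path
    for host, prefix, label in SERVICES:
        if parts.hostname == host and (parts.path or "/").startswith(prefix):
            return label
    return None

class RemoteResourceScanner(HTMLParser):
    """Collect (label, url) pairs for listed third-party loads in one page."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False
    def _check(self, urls):
        self.findings += [(label, u.strip()) for u in urls if (label := classify(u))]
    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        if tag in LOADING_TAGS:  # plain <a href> links are not fetched on load
            self._check(v for n, v in attrs if n in ("src", "href") and v)
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):  # only the text of <style> elements is CSS
        self._check(CSS_URL.findall(data) if self._in_style else [])

def scan(html):
    scanner = RemoteResourceScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```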
The same goes for the popular Google reCAPTCHA plugin or service, which adds spam protection to your contact forms.
The data which Google collects with reCAPTCHA includes:
- A complete snapshot of the user’s browser window at that moment in time, captured pixel by pixel (!)
- Browser plugins
- All cookies placed by Google over the last 6 months
- Number of mouse clicks/touches you’ve made on that screen
- CSS information for that page
- The date
- The browser language
Clearly NOT very GDPR Compliant! But there are ways around it.
I can help you become fully GDPR compliant. Rules and regulations change frequently, or you might have recently installed a new plugin, theme or other software which needs to be GDPR checked.
Feel free to contact me and we will find a suitable solution for your specific needs.