New law: Missing data protection statement threatens warning notice

Stefano Viani


03 Mar 2016 Law Digital Agency

On 24 February 2016, the "Act to Improve the Civil Law Enforcement of Consumer Protection Provisions of Data Protection Law" came into force. This is intended to protect consumers online from dubious providers. For website operators, the new law primarily means that consumer protection organisations and competition associations can now issue warnings for data protection violations.

Who is affected by the new data protection law?

Regardless of whether you are an entrepreneur or a private individual - any website operator can be warned if they have not included a privacy policy or only an incomplete one on their website.

What must website operators do now?

Anyone who processes personal data on their online presence must include a correct and up-to-date privacy policy on their website that fully covers this area. Personal data includes user data (names, address and contact details), data collected via social media buttons or Google Analytics and stored IP addresses of website visitors. The privacy policy must also provide information about data processing and data transfer: What happens to data from contact forms? Does a shop operator pass on data to payment or shipping service providers? To whom is data forwarded for competitions or advertising?

Update: Imprint and data protection 2018

Find out what companies need to consider when implementing data protection regulations on their website:

This post was updated on 21/03/2018.

About the Author

As Executive Director of Blackbit digital Commerce GmbH, Stefano Viani manages all areas of the agency in the offices in Göttingen, Hamburg, Berlin and Kiev. His passion is the development of marketing strategies and their implementation in concrete measures.

In his free time, Stefano is passionate about riding his motorbike or working out in the gym.