Making websites safe from warnings or penalties is the goal of every web designer. However, in order to execute this successfully, there are some warning traps to avoid and privacy rules to follow.
In this article, we explain how to design safe websites, what can generally lead to a warning notice and how to find out if your website is also warning-proof.
How do I design warning-proof websites?
You can design warning-proof websites by having a complete privacy policy and imprint, legal texts, a legally secure domain, unique content, a legal newsletter, encryption and a cookie banner.
Complete privacy policy
As soon as you collect personal data on your website, whether it's a contact form, signing up for a newsletter, or to be able to post a comment, you are required to design a full privacy policy for your website.
The following information is most important to include in the privacy policy:
Contact information of the responsible party (name, address, phone number, email address).
Information about the collection of personal data (What data? How? Why?)
Information about the storage period of the data
Explanation of the legal basis for the collection and further processing of the information as well as the rights of visitors
If personal data is passed on to third parties, naming them
Any information about tracking or analysis tools used, cookies and any plug-ins.
If you have visitors on your website who are not from German-speaking countries, you should also offer them the privacy policy in English.
Complete imprint
An imprint is required for every website that is not exclusively for private purposes. Accordingly, freelancers or companies must provide their visitors with an imprint. If the imprint is missing, they must expect warnings or penalties.
Similar to the privacy policy, there are mandatory details that every imprint must contain:
Contact details of the person responsible (name, address, telephone number, e-mail address).
Register number and location of the register (if registered)
Sales tax identification number or business identification number
Chamber affiliation (freelancer)
Details of the consumer arbitration board (for online stores and service providers)
The additional information you are required to include in the imprint depends on the type of business, your profession, legal form and whether you are a freelancer. Please inform yourself in detail about the mandatory information in the imprint according to ยง 5 TMG!
Create legal texts
Legal texts are the texts that answer all the customer's questions about their rights. Legal texts are therefore, among other things, the privacy policy, the imprint, but also the terms and conditions, a cancellation policy or payment and shipping information for online stores.
These legal texts are a condition for building your website to avoid warnings and penalties. At this point, you must always be familiar with the latest legal rulings. However, you can also have your legal texts designed by other service providers.
Especially with the GTC, make sure that this legal text is also unique and not copied from another website - the GTC are also subject to copyright. Also wrong or illegal clauses are not allowed in the GTC and can lead to warnings.
Legally secure domain
To set up a website, you as a web designer need a legally secure domain, which means that it must not violate name or trademark rights. Carry out a detailed trademark search and make sure that the domain you want to use for your website does not contain any protected names and/or trademarks. Also make sure that the domain you want is not already taken.
Once you have chosen a legally secure domain, now look for a web hosting provider based in Europe (as the DSGVO only applies in the European Union) and sign a contract for order processing with your host provider.
Unique content
Content at this point does not only mean the texts of a website, but furthermore any images, videos or the design of your website. If you, as a web designer, take over all content from other websites without asking the owner's permission or signing a contract with him, you will have to expect a warning and/or penalty.
If you do wish to include content from other websites on your website, copyright owners must always be credited with any adopted content after obtaining usage rights.
If you use your own images or videos on your website, you must ask all persons to be seen on them for their consent before publishing them on the website.
DSGVO-compliant newsletter
When it comes to newsletters, there are some criteria to make them safe from warnings. These are, for example, that you must obtain the visitor's consent in every case so that you can send them the newsletter to the email address they have provided. The best way to do this consent is by double opt-in.
When your visitors provide their contact details, only the field for the email address should be mandatory, filling in all other details happen on a voluntary basis. In addition, provide information about the frequency of the newsletter and explain the purpose for which the recipient's information must be collected.
Make it directly clear that visitors can unsubscribe from the newsletter at any time if they wish, and link to your privacy policy, which includes all the details about how the data is collected in the newsletter.
Encrypt website with SSL certificate
If you ask for personal information on your website, the DSGVO requires you to encrypt your website with an SSL certificate. You can purchase this certificate from a certification authority.
SSL encryption ensures that unauthorized third parties cannot access the personal data collected from visitors. This is particularly important for newsletter registration, orders, the login area and contact forms.
If the SSL certificate is present, it ensures that a lock icon is displayed at the URL bar on the website. This shows visitors that the website is secure and encrypted. Thanks to the SSL certificate, the HTTPS protocol is enabled, which enables secure data exchange between the visitor and the owner.
Moreover, an encrypted website builds customer trust and gives you a better Google ranking.
Create Cookie Consent Banner
A cookie consent banner is a must on any website as soon as marketing or tracking tools are used, social plug-ins are used, personal data is collected or other cookies are used.
Marketing or tracking tools are, for example, tools that analyze the user behavior of your visitors, which can help you with your company's marketing strategy.
Social plug-ins refer to all social media buttons that lead directly to the corresponding social network via a website. An example of this is the Like me button from Facebook. Since the connection to the social network is established when clicking on these buttons, important information of the users is directly passed on to the company of this network. The visitor must be informed about this and agree to it.
The appearance of the cookie consent banner is also essential. The boxes for the use of individual cookies must not be pre-selected, but must be clicked individually by each user, if necessary. In addition, the "Reject" and "Accept" buttons must be equivalent. Accordingly, the Accept button must not be highlighted in color or otherwise.
It is also necessary to allow the user to object to the consent of the cookies at any time and thereby not deny him access to the website.
Comply with data protection
In order to comply with the Data Protection Regulation on your website, you must obtain the consent of the users for the collection of personal data. If you do not have this permission, you may not collect the information.
Furthermore, you must not store more information than is needed for the purpose, and you must use this information only for the purpose you specify. The more sensitive the information, the higher the level of protection you must provide on your website.
In general, if you have personal data collected by external service providers, you must in any case conclude a contract for processing with them. The contract must state how long the information will be processed, how it will be done and for what purpose.
What can lead to a warning for websites?
For example, an incomplete or missing imprint, no information about data protection, copying content from other websites, a non-encrypted website, the lack of consent for data collection and all violations of the DSGVO can lead to a warning for websites.
Is my website at risk of warnings?
You can already find out for yourself whether your website is at risk of warnings for many aspects. Use all the criteria listed above and other warning checklists that can be found online. If you want to be on the safe side, have your website checked for legal security.
Do you want to have your website checked for legal security?
If you would like to have one or more websites checked for legal security by a professional company, we offer you exactly that with our data protection audits.
At Decareto, we will use a DSGVO scanner to provide you with detailed reports on the legal compliance of your website and, if you wish, help you fix any privacy issues on the website.
The scan is repeated monthly and we will notify you if anything has changed legally and you need to make improvements to your website(s).
The advantage of Decareto over free scanners is that our scanner analyzes not only the home page, but all sub-pages of a website and checks them for legal compliance. Thus, all forms, the privacy policy, the imprint and the lawful use of cookies are also taken into account.
If you are interested or have any questions about how you can make your website warning-proof, please feel free to contact us!
Author: Eckhard Schneider
