What is the General Data Protection Regulation?

The General Data Protection Regulation is a regulation of the European Union that governs the processing of personal data by companies and is standardized throughout the EU. It protects EU citizens against the misuse of their personal information. It has been in force since 27.04.2016 and has been enforced with penalties since 25.05.2018. For this reason, companies that are based in the EU, or that want to sell in the EU, face new challenges.

This also applies to website operators, who must ensure that the new rules are complied with.

What we know about you

Visited website
Your browser
Your operating system
Your language and country
Your IP address
Your browser window size

The IP address is personal data, since it is assigned dynamically by the provider. However, this dynamic assignment only applies to IPv4 addresses. With the new IPv6 addresses, the address is no longer assigned dynamically; once assigned, it is kept permanently. Furthermore, if a user who has previously registered logs in, or places an order and enters their postal address, the IP address can be linked at that moment to a specific person and their address, without having to ask the provider.

This can be avoided by masking the IP address through a proxy or a VPN: another IP address is placed in front of your own, so your own IP address remains hidden.

SSL / TLS encryption

What is an SSL / TLS certificate

An SSL / TLS certificate encrypts the communication channel between two computers, so the data cannot be read by third parties. SSL / TLS certificates are available in different security levels and price classes. The certificate is issued by an official certification body, the Certification Authority (CA).

There are 3 types of SSL / TLS certificates:

  • 1. Domain Validation

    The CA checks whether the applicant has technical access to the domain they have specified.

  • 2. Owner validation

    The applicant must prove the existence of the company, for example by a certificate of registration or a trade license.

  • 3. Extended Validation (EV)

    This variant is subject to the strictest issuance guidelines. In addition to the extract from the commercial register, detailed information about the company is required, such as its registered office and a contact person. Visitors recognize a page secured this way by the green address bar.

Advantages of an SSL / TLS certificate

  • Better Google ranking

  • Secure data transfer with up to 256-bit encryption

  • Greater trust through extended validation

General Data Protection Regulation

The DSGVO sets clear requirements for SSL / TLS certificates. Any website that has a form must be protected by an SSL / TLS certificate, so SSL / TLS certificates are now an integral part of websites.

Image of SSL / TLS certificate with all important data.


Forms are input or selection fields embedded in a web page to send data to the server, so that contact can be established quickly and easily. Since the contact is to be continued after the data is recorded, this is mostly personal data.

To prevent automated abuse, forms should be protected by a captcha, which makes it difficult to submit the form by a computer program.

Example of a form

This form is validated on the server side to represent the example properly. The data sent is neither stored nor answered; it is for demonstration only.


General Data Protection Regulation

The DSGVO sets clear requirements for the handling of forms. Each form needs explicit approval of the privacy statement. To do this, each form must have a checkbox that links to the privacy policy. Submission and processing of the form may only take place if the checkbox has been explicitly activated. This must be validated in the backend, since frontend validation can be bypassed.
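Server-side check of the consent checkbox, as an added example (not the page's own code): it assumes a contact form posted as URL-encoded fields name, email, message and a checkbox named privacy_consent, plus a constructed POLICY_VERSION label. Absence of the field, an empty value or any non-affirmative value is treated as "no consent", because a client can submit a hand-made request regardless of the HTML's `required` attribute.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Constructed label for the privacy-policy version the checkbox links to.
POLICY_VERSION = "privacy-policy-v1"
# A browser sends a checked checkbox as "on" unless a value attribute is set;
# an unchecked box is omitted from the request entirely.
ACCEPTED_CHECKBOX_VALUES = {"on", "1", "true", "yes"}


class ConsentError(ValueError):
    """Submission lacks explicit acceptance of the privacy policy."""


def parse_form(body: str) -> dict:
    """Decode a URL-encoded POST body into single-valued fields."""
    # keep_blank_values so that "privacy_consent=" is seen (and rejected below)
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def consent_given(fields: dict) -> bool:
    """True only if the checkbox was sent with an affirmative value.

    Absence, an empty string and anything else count as "no consent":
    a hand-made request can omit the field no matter what the HTML says.
    """
    value = fields.get("privacy_consent")
    return value is not None and value.strip().lower() in ACCEPTED_CHECKBOX_VALUES


def process_submission(body: str, now=None) -> dict:
    """Validate a contact-form POST body and return the record to process.

    Consent is checked first, before any personal data is touched. The
    returned record keeps the policy version and timestamp so the consent
    can be demonstrated later.
    """
    fields = parse_form(body)
    if not consent_given(fields):
        raise ConsentError("privacy policy was not explicitly accepted")
    for required in ("name", "email", "message"):
        if not fields.get(required, "").strip():
            raise ValueError(f"missing field: {required}")
    given_at = (now or datetime.now(timezone.utc)).isoformat()
    return {
        "name": fields["name"],
        "email": fields["email"],
        "message": fields["message"],
        "consent": {"policy_version": POLICY_VERSION, "given_at": given_at},
    }
```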

Data protection

A privacy policy describes how data is processed: how the data is collected, how it is used, who has access to it and how long it is stored. It also describes how the privacy of users is ensured.

What must be included:

  • Person responsible for the site
  • Rights of data subjects
  • Purpose of data processing
  • Collection of information
  • Notice of changes to the privacy policy

Optional (if available):

  • Contact form
  • Cookies
  • SSL / TLS encryption
  • Data Protection Officer
  • Third party integrations
  • Opt-out

Database Encryption

Data is usually stored in a database so that it can be retrieved quickly and in a specific context. Personal data must be stored encrypted, i.e. in unrecognizable form, so that third parties who gain access to it cannot read it.

General Data Protection Regulation

Personal data must be stored in encrypted form.