It’s been almost two years since the European Union’s General Data Protection Regulation came into force. A lot has happened since then, so we updated our explainer article with fresh information.
In this post, we’ll summarize aspects of the new General Data Protection Regulation that are particularly relevant for website owners like you. Then we’ll explain what features Jimdo provides to help you make your site GDPR-compliant.
This article talks about Jimdo features that help you make a GDPR-compliant website or online shop. It doesn’t cover additional steps you may need to take if you use third-party content or tools. Please note that this article does not constitute legal advice.
Topics we’ll cover:
- Why is the GDPR such a hot topic?
- Who is affected by the GDPR?
- How do I find out what data my site is collecting?
- What about Google Analytics and Jimdo’s Statistics feature?
- My site is collecting data—what should I do?
- What features does Jimdo offer to help?
Why is the GDPR such a hot topic?
The General Data Protection Regulation certainly triggers a lot of passionate debate. This is understandable, because the regulation (“GDPR”) affects almost all website owners and requires them to take certain steps to make their sites compliant.
However, there are a lot of half-truths circulating in online forums and opinion columns. This makes it tough to separate fact from fiction and keep track of what you actually need to do.
There is no such thing as a “simple solution” because providers like Jimdo are not legally permitted to offer you legal advice. For one thing, every single case (and website) is different. For another, legal advice is reserved for real experts, namely lawyers.
Nevertheless, we’d like to provide you with the best possible information within the scope of our powers, and we hope to give you as much clarity as possible!
Who is affected by the GDPR?
The GDPR affects anyone with a website that stores/processes/tracks “personal data.” This often happens automatically through different services—we’ll get to that soon. The GDPR understands personal data as (among other things):
- First name and last name
- Email address
- Bank accounts
- Location data
- IP addresses
- Cookie ID
This definition means that virtually all website owners and online shop owners have to review their site and adapt it, where necessary.
A website is affected by the GDPR if:
- IP addresses of website visitors are transmitted/stored
- There’s a comment function where you can input an email address
- Visitors can comment
- There’s a contact form
- There’s a newsletter subscription
- There’s an online service provided via a subscription model
- The behavior of visitors is analyzed through tracking and cookies
- It uses social media plugins that don’t offer a two-click solution to limit tracking
How do I find out what data my site is collecting?
The following questions can help you figure out what data you are collecting—perhaps without even realizing:
- What data do I collect/process/use on my website?
- In which way do I collect this data?
- Do I have a contact form? Guestbook? Blog?
- Do I use Google Analytics or another statistics tool on my site? This also includes Jimdo’s Statistics tool, if you’ve activated it.
- What third-party widgets and plugins did I integrate on my site? There are browser add-ons like Ghostery or Privacy Badger that will show the cookies being used on your website plus all the services you have integrated.
- What services/products do I sell on my Jimdo website?
- Will products be created through my Jimdo website (e.g. digital merchandise)?
If any of your answers indicate that you collect personal data, whether in general or through these services, the new GDPR rules will affect you. You can try out this self-assessment tool to give you a better idea of what you need to check.
- The purpose/reason(s) for the data processing
- The name and contact details of the person responsible or the data protection officer (if you have one)
- The legal basis for the data processing (Article 6 of the GDPR)
- The recipients of the data
- The storage period of the data
- If applicable, the extent to which you give your data to third parties (possibly in a different country)
- The rights of data subjects, such as the right to information and/or deletion of data
- The statement of the right to lodge a complaint with the data protection supervisory authority
- If necessary, a reference to Google Analytics
What about Google Analytics and Jimdo’s Statistics?
If you use your own Google Analytics account, it may be necessary to accept the data processing contract/addendum with Google. You can complete this directly in your Google Analytics account.
Jimdo’s own Statistics function is based on Google Analytics. If you only use this Jimdo feature, it’s sufficient to sign the data processing contract with Jimdo, as Jimdo has already signed a contract with Google.
My site is collecting data—what should I do?
Once you’ve determined that you’re collecting personal data (see definition under “Who is affected by the GDPR?”) from your website, the next step is to consider:
- Whether this is in compliance with the GDPR or
- Whether you should remove the applications concerned.
For external applications such as widgets, it’s best to check with the respective provider to what extent their services comply with the GDPR. We also recommend speaking with a legal expert.
For Jimdo features, including but not limited to the Guestbook Element or cookies, Jimdo has made certain changes so you can customize these features to comply with the GDPR. More in the next section.
What features does Jimdo offer to help?
Jimdo’s website builder offers various built-in features to help you make your website compliant with the GDPR:
- A customizable Cookie Banner (“pop-up”)
- “Shariff”: A two-click solution for social media features to limit their tracking.
Please check whether these functions are relevant for you and adjust them as appropriate.
Where can I find more information?
There’s more information on the GDPR and Jimdo in our Support Center. There you’ll also find a list of recommended links for more details on the General Data Protection Regulation.
We understand how difficult and time-consuming it is to get through the legal jargon of a new regulation. So we hope this article helps add some clarity to your GDPR preparations for your website.
As entrepreneurs, you’re always faced with challenges and this is just one more that we know you can overcome!
This post was originally published on May 21, 2018 and updated on April 8, 2020.