With the strict requirements of the General Data Protection Regulation (GDPR) and the associated potential warnings from consumer protection and data protection authorities, organisations face growing financial and legal risks.
An important part of the GDPR, and unfortunately the main cause of potential trouble, is the consent requirement for sharing personal data of website visitors. It covers much more than just tracking cookies from Google Analytics. According to the GDPR, the IP address of the website visitor is part of the personal data. However, this address is required in order to communicate with another system. Specifically, this means:
Any access within a website to a server other than the web server requires consent.
Apart from the notorious tracking tools, this concerns e.g.:
Particularly awkward: by this definition, the use of an external cookie banner tool also requires prior consent, which looks like a case of the cat biting its own tail.
Note on masking IP addresses
The much-cited masking of IP addresses (e.g. by replacing the last two numbers in log files: 88.57.x.x) is, strictly speaking, a "fake protection". The target server must know the complete address. Masking or complete deletion only serves to protect against misuse by unauthorised persons later on. In any case, it is not enough for the operator of an external service to give an assurance that the IP addresses are masked.
For most website operators, it is very difficult to find out whether their website and the associated processes are data protection compliant.
We therefore recommend having regular audits carried out. They need to be regular because even careless editorial changes can result in violations of the rules. The direct embedding of a YouTube video is an example of this.
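A static check of the rendered HTML shows which tags make the browser contact a server other than the web server, such as the embedded YouTube video mentioned above. The following Python example is added here for illustration and is not the tooling used in the audit offered on this page; `www.example.org`, the sample markup and all function names are assumptions, and any host other than the page's own counts as external.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make the browser contact a server on page load.
LOADING_ATTRS = {("script", "src"), ("img", "src"), ("iframe", "src"), ("embed", "src"),
                 ("video", "src"), ("audio", "src"), ("source", "src"), ("object", "data")}
# <link rel=...> values that trigger a request (a plain <a href> does not).
LOADING_RELS = {"stylesheet", "preload", "prefetch", "preconnect", "dns-prefetch", "icon"}

class ExternalRequestAudit(HTMLParser):
    """Collects every resource URL whose host differs from the page's own host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlsplit(page_url).hostname
        self.findings = []  # (line, tag, host, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        urls = [attrs[a] for t, a in LOADING_ATTRS if t == tag and attrs.get(a)]
        if tag == "link" and LOADING_RELS & set(attrs.get("rel", "").lower().split()):
            urls.append(attrs.get("href", ""))
        for raw in filter(None, urls):
            url = urljoin(self.page_url, raw.strip())  # resolves relative and //host URLs
            host = urlsplit(url).hostname  # None for data: URLs, which are skipped
            if host and host != self.own_host:
                self.findings.append((self.getpos()[0], tag, host, url))

def audit(html, page_url):
    """Return (line, tag, host, url) for each external request in the markup."""
    parser = ExternalRequestAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; www.example.org stands in for the audited site.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/typo3temp/assets/site.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<script src="//www.googletagmanager.com/gtag/js?id=PLACEHOLDER"></script>
</head><body>
<img src="fileadmin/logo.png" alt="logo">
<a href="https://www.youtube.com/watch?v=PLACEHOLDER">plain link, no request on load</a>
<iframe src="https://www.youtube.com/embed/PLACEHOLDER"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host, url in audit(SAMPLE, "https://www.example.org/news/"):
        print(f"line {line}: <{tag}> contacts {host} -> {url}")
```

A check like this only sees requests declared in the markup; requests that scripts issue at runtime have to be found in the browser's network log.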
With our offer "Security Audit for TYPO3 Websites", we would like to help you not only to comply with the legal regulations, but also to ensure that possible security gaps are closed as quickly as possible.
Our service | Costs* |
---|---|
TYPO3 Security Audit | Effort: approx. 12 Hrs. Non-profit organisations: Company: |
* all prices are exclusive of VAT.
What impact do the GDPR and its German counterpart TTDSG have on my website and how can I take them into account in the most legally compliant way possible?
Here you will learn everything about security & TYPO3: Relevant for administrators as well as editors.
With our self-developed TYPO3 cookie banner extension "wcm" you can effectively protect the privacy of your users.