A lot has happened since the European Union’s General Data Protection Regulation came into force in 2018, so we’ve updated our explainer article with fresh information.
In this post, we’ll summarize aspects of the General Data Protection Regulation that are particularly relevant for website owners like you. Then we’ll explain what features Jimdo provides to help you make your site GDPR-compliant.
This article talks about Jimdo features that help you make a GDPR-compliant website or online shop. It doesn’t cover additional steps you may need to take if you use third-party content or tools. Please note that this article does not constitute legal advice.
Why is the GDPR such a hot topic?
The General Data Protection Regulation certainly still triggers a lot of passionate debate. This is understandable, because the regulation (“GDPR”) affects almost all website owners and requires them to take certain steps to make their sites compliant.
However, there are a lot of half-truths circulating in online forums and opinion columns. This makes it tough to separate fact from fiction and keep track of what you actually need to do.
There is no such thing as a “simple solution” because providers like Jimdo are not legally permitted to offer you legal advice. For one thing, every single case (and website) is different. For another, legal advice is reserved for real experts, namely lawyers.
Nevertheless, we’d like to provide you with the best possible information within the scope of our powers, and we hope to give you as much clarity as possible!
Who is affected by the GDPR?
The GDPR affects anyone with a website that stores/processes/tracks “personal data.” This often happens automatically through different services—we’ll get to that soon. The GDPR understands personal data as (among other things):
- First name and last name
- Address
- Email address
- Birthdays
- Bank accounts
- Location data
- IP addresses
- Cookie ID
This definition means that virtually all website owners and online shop owners have to review their site and adapt it, where necessary.
A website is affected by the GDPR if:
- IP addresses of website visitors are transmitted/stored
- There’s a comment function where you can input an email address
- Visitors can comment
- There’s a contact form
- There’s a newsletter subscription
- There’s an online service provided via a subscription model
- The behavior of visitors is analyzed through tracking and cookies
- It uses social media plugins that don’t offer a two-click solution to limit tracking
How do I find out what data my site is collecting?
The following questions can help you figure out what data you are collecting—perhaps without even realizing:
- What data do I collect/process/use on my website?
- In which way do I collect this data?
- Do I have a contact form? Guestbook? Blog?
- Do I use Google Analytics or another statistics tool on my site? This also includes Jimdo’s Statistics tool, if you’ve activated it.
- What third-party widgets and plugins did I integrate on my site? There are browser add-ons like Ghostery or Privacy Badger that will show the cookies being used on your website plus all the services you have integrated. If you use Jimdo, this point is only relevant for websites built with Creator, our website builder for coding experts. You don’t have to worry about this with our modern website builder, because we developed it so you can run your website or online store without doing any coding.
- What services/products do I sell on my Jimdo website?
- Will products be created through my Jimdo website? (e.g. digital merchandise).
If any of your answers indicate that you collect personal data, whether in general or through these services, the GDPR rules will affect you. You can try out this self-assessment tool to give you a better idea of what you need to check.
What content is recommended for your Privacy Policy?
The GDPR also provides new guidelines for your website’s Privacy Policy. A Privacy Policy, sometimes called a “Data Protection Notice,” is like a letter to your customer in which you specify what personal information you collect and how you intend to handle it.
It’s generally recommended that your Privacy Policy include:
- The purpose/reason(s) for the data processing
- The name and contact details of the person responsible or the data protection officer (if you have one)
- The legal basis for the data processing (Article 6 of the GDPR)
- The recipients of the data
- The storage period of the data
- If applicable, the extent to which you give your data to third parties (possibly in a different country)
- The rights of data subjects, such as the right to information and/or deletion of data
- The statement of the right to lodge a complaint with the data protection supervisory authority
- If necessary, a reference to Google Analytics
In cooperation with Trusted Shops, Jimdo now offers a Legal Text Generator for websites and online stores based in the EU.
What is Jimdo’s Legal Text Generator?
Answer a few easy questions, and our tool will generate personalized, GDPR-compliant legal texts for your website or online store automatically. This means you can stop worrying about how to write and update your legal texts and focus on running your business instead.
How does it work?
You answer some simple questions and the Legal Text Generator creates lawyer-approved legal texts customized for your business. You don’t need any legal knowledge and your texts are covered by the Trusted Shops Guarantee.
What legal pages are covered for your website?
- Privacy Policy
- Imprint
What legal pages are covered for your online shop?
- Privacy Policy
- Imprint
- Return Policy
- Terms and Conditions
Important for online store owners: You should still check industry regulations for the type of product you’re selling, e.g. textile regulation for retail shops. In these cases, you can add the details to your product description. Unlike other generators, Trusted Shops guarantees that all legal texts drawn up with our generator are 100% GDPR compliant—so you’re always protected.
Do you want to know more about this amazing tool? Have a look at our dedicated page.
Note: As a result of Brexit, the Legal Text Generator cannot be used on Jimdo sites and shops of UK-based businesses.
What about Google Analytics and Jimdo’s Statistics?
If you’ve connected your website or store with Google Analytics, make sure to say so in your Privacy Policy. Another mandatory element is the so-called “opt-out”—the possibility for a visitor to object to the data collection (as we’ll explain further on).
If you use your own Google Analytics account, it may be necessary to accept the data processing contract/addendum with Google. You can complete this directly in your Google Analytics account.
Jimdo’s own Statistics feature is based on Google Analytics. If you only use this Jimdo feature, it’s sufficient to sign the data processing contract with Jimdo, as Jimdo has already signed a contract with Google.
My site is collecting data—what should I do?
Once you’ve determined that you’re collecting personal data (see definition under “Who is affected by the GDPR?”) from your website, the next step is to consider:
- Whether this is in compliance with the GDPR, or
- Whether you should remove the applications concerned.
For external applications such as widgets, it’s best to check with the respective provider to what extent their services comply with the GDPR. If you’re a Jimdo customer, this only applies to websites or online stores built with Creator and not our modern no-coding website builder. Additionally, we recommend speaking with a legal expert.
For Jimdo features, including but not limited to the Guestbook Element or cookies, Jimdo has made certain changes so you can customize these features to comply with the GDPR. More in the next section.
What features does Jimdo offer to help?
Jimdo’s website builder offers various built-in features to help you to make your website compliant with the GDPR:
- A link to your Privacy Policy is automatically added to your Contact Forms and Guestbook.
- A customizable Cookie Banner (“pop-up”)
- A page on your website with information on how your site uses cookies. This page appears automatically on Jimdo websites, along with the cookie banner, and has an opt-in feature that lets visitors opt in to cookies that require consent.
- An editable Privacy Policy with formatting options.
- A checkbox with the linked Privacy Policy for all forms.
- “Shariff”: A two-click solution for social media features to limit their tracking (only for websites and online stores built with Creator).
Please check whether these functions are relevant for you and adjust them as appropriate.
Where can I find more information?
There’s more information on the GDPR and Jimdo in our Support Center. There you’ll also find a list of recommended links for more details on the General Data Protection Regulation.
We understand how difficult and time-consuming it is to get through the legal jargon of this new regulation. So we hope this article helps add some clarity to your GDPR preparations for your website.
As entrepreneurs, you’re always faced with challenges and this is just one more that we know you can overcome!
This post was originally published on May 21, 2018 and updated on December 1, 2021.