This article uses examples to show you how to protect and secure personal data on your website in order to fulfill the requirements of the General Data Protection Regulation (GDPR). Please note that every website project is different and this article cannot cover every aspect.

Please Note

IONOS offers no legal advice and assumes no liability for the completeness and accuracy of the content of this article. If you have specific questions, please contact your legal advisor.

What is the GDPR?

The GDPR regulates the handling of personal data in a standardized manner throughout Europe. Personal data is any information relating to an identified or identifiable natural person, such as names, addresses, telephone numbers and online identifiers (e.g. IP addresses). Further information can be found in the Help Center article "General Data Protection Regulation (GDPR)".

Secure data transmission: Use SSL

Visitors to your website must be able to rely on their data being treated confidentially and with integrity. Encrypting data in transit is an essential part of this. Without special precautions, the transmission path between your server and your visitors' browsers is not encrypted: in principle, any third party on that path can read all of the data exchanged, e.g. passwords, personal data and entries in forms and fields.

An important step towards securing and encrypting the transmission path is the use of an SSL certificate. Many IONOS products already include a free SSL certificate, which can be easily issued and used. The use of an SSL certificate has the following advantages:

  • Confirms that visitors are connected to the correct address (the domain they requested)
  • Encrypts the data in transit, so that it can be neither read nor altered on the way (tap-proof, integrity-protected)
  • Improved ranking with Google

For this reason, IONOS recommends the use of SSL certificates for websites and the operation of online shops etc.

In the Help Center section "SSL Certificates Managed by IONOS" you will find several articles on this topic.
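Installing the certificate is only half of the job: a site that still answers plain-HTTP requests continues to carry form entries and passwords unencrypted. The following Node-style gate, added here as an example and not taken from IONOS or any hosting product, shows the server-side rule that closes that gap: every plain-HTTP request is redirected to its https:// twin, and once the connection is encrypted an HSTS header tells browsers to keep using HTTPS. The request objects, the ALLOWED_HOSTS list and the trustProxy option are assumptions made for the example; the host allowlist is there because a redirect built from an unchecked Host header could otherwise be pointed at a foreign domain.

```javascript
// Added example (not IONOS code): a framework-agnostic gate that forces every
// request onto HTTPS and, once the connection is encrypted, sends an HSTS
// header so browsers keep using HTTPS. ALLOWED_HOSTS is a constructed list;
// replace it with your own domain names.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// Was this request encrypted? On a direct TLS socket Node marks the socket as
// encrypted. Behind a reverse proxy or load balancer the original scheme
// survives only in X-Forwarded-Proto, and that header is client-controlled
// unless a trusted proxy overwrites it, so it is honoured only when trustProxy
// is explicitly set.
function isHttps(req, trustProxy) {
  if (req.socket && req.socket.encrypted === true) return true;
  if (!trustProxy) return false;
  const xfp = String(req.headers['x-forwarded-proto'] || '').split(',')[0].trim();
  return xfp.toLowerCase() === 'https';
}

// Returns the response to send instead of running the page handler, or null
// when the request may proceed (HSTS is then added to extraHeaders).
//  - 400 if the Host header is not one of our domains; without this check the
//    redirect below could be made to point at an arbitrary third-party host.
//  - 301 to the https:// version of the same URL for plain-HTTP requests
//    (assumes HTTPS is served on the standard port 443, so any port is dropped).
function enforceHttps(req, extraHeaders, opts = {}) {
  const host = String(req.headers.host || '').toLowerCase().replace(/:\d+$/, '');
  if (!ALLOWED_HOSTS.has(host)) {
    return { status: 400, headers: {}, body: 'Unknown host' };
  }
  if (!isHttps(req, opts.trustProxy === true)) {
    return { status: 301, headers: { Location: 'https://' + host + req.url }, body: '' };
  }
  extraHeaders['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains';
  return null;
}

// Constructed sample requests: the shape of Node's IncomingMessage reduced to
// the fields used above.
const plainRequest = { socket: { encrypted: false }, url: '/login', headers: { host: 'www.example.com' } };
const tlsRequest = { socket: { encrypted: true }, url: '/login', headers: { host: 'www.example.com' } };

const responseHeaders = {};
console.log(enforceHttps(plainRequest, responseHeaders));  // 301 to https://www.example.com/login
console.log(enforceHttps(tlsRequest, responseHeaders), responseHeaders);  // null, HSTS header set
```

In a real server the gate runs before any route: when it returns an object, send that status and those headers and stop; when it returns null, continue and merge the HSTS header into the response. The same two rules (redirect plus HSTS) are what an .htaccess rewrite on shared hosting achieves; the example spells them out so the conditions, in particular the proxy and Host-header checks, are visible.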

Update privacy policy

The GDPR contains guidelines for the privacy policy, which is mandatory on every website that processes data. A privacy policy is a document that contains information about the collection, processing, and use of personal data by an organization or company. It is intended to inform data subjects about their rights and the way in which their personal data is used.

The following contents are recommended:

  • the purpose/reason for the data processing
  • the name and contact details of the controller or data protection officer
  • the legal basis for the data processing
  • the recipient of the data
  • the storage periods of the data
  • information on whether data is passed on to third parties
  • the right to information and/or deletion of the data
  • the right to lodge a complaint with the data protection supervisory authority

Google Analytics: What you need to bear in mind

If you use Google Analytics to track visitors to your website, note the following:

  • It is mandatory that you indicate that you use Google Analytics!
  • You must offer an opt-out option. If you use WordPress, you can use a specialized plugin, for example; the Google Analytics plugin also provides an option for this under Tracking Code. Place the opt-out code in your privacy policy at a suitable point.
  • You must conclude an order processing agreement with Google. You can create this agreement directly in your Google Analytics account.
  • Customize the storage period: You can now choose between different time spans to determine how long user and event data is stored on Analytics servers. You can make these settings directly in your Google Analytics account.
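The opt-out mechanism behind the plugin options mentioned above is documented by Google: before the tracking script runs, the page sets a window property named ga-disable-<ID> to true, and a cookie of the same name persists the choice across page loads. The following browser-side example is added here and is not IONOS's, WordPress's or Google's code; the measurement ID is a placeholder, and fakeBrowser() is a constructed stand-in for document.cookie and window so the logic can be exercised outside a browser.

```javascript
// Added example (not IONOS or Google code). Implements Google's documented
// per-user opt-out: a cookie "ga-disable-<ID>=true" plus a same-named window
// property that the Analytics script checks before sending anything.
// GA_ID is a placeholder; use your own measurement / property ID.
const GA_ID = 'G-XXXXXXXXXX';
const DISABLE_KEY = 'ga-disable-' + GA_ID;

// Parse a document.cookie string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of String(cookieString).split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    out[part.slice(0, idx).trim()] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// `env` stands in for the browser: `env.cookie` reads/writes like document.cookie
// and `env.flags` is the object the tracking script inspects (window).
// In a real page use:
//   const env = { get cookie() { return document.cookie; },
//                 set cookie(v) { document.cookie = v; }, flags: window };
function hasOptedOut(env) {
  return parseCookies(env.cookie)[DISABLE_KEY] === 'true';
}

// Called from the "Disable Google Analytics" link in the privacy policy.
function optOut(env) {
  env.cookie = DISABLE_KEY + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/; SameSite=Lax; Secure';
  env.flags[DISABLE_KEY] = true;
  return true;
}

// Run this before the Analytics snippet on every page load: window properties
// do not survive navigation, so the cookie is the durable record of the choice.
function applyOptOutFromCookie(env) {
  if (hasOptedOut(env)) env.flags[DISABLE_KEY] = true;
  return env.flags[DISABLE_KEY] === true;
}

// Constructed stand-in for document.cookie / window, used only for offline runs.
// Mirrors document.cookie semantics: writing "name=value; attrs" stores one
// cookie, reading returns all cookies joined with "; ".
function fakeBrowser() {
  const jar = {};
  return {
    flags: {},
    get cookie() { return Object.entries(jar).map(([k, v]) => k + '=' + v).join('; '); },
    set cookie(v) {
      const pair = String(v).split(';')[0];
      const i = pair.indexOf('=');
      if (i > 0) jar[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
    },
  };
}

const browser = fakeBrowser();
console.log(hasOptedOut(browser));          // false
optOut(browser);
console.log(applyOptOutFromCookie(browser)); // true
```

Wire optOut() to the opt-out link in the privacy policy and call applyOptOutFromCookie() at the top of every page, ahead of the tracking code, so that a visitor who opted out once stays opted out.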

Comment function: Add note on data storage

Do you use a comment function on your website? Then you need to add a note stating that you save the data. Ideally, this notice should contain a direct link to your privacy policy. This is necessary even if your visitors use the comment function voluntarily.

Domain registration data

The General Data Protection Regulation (GDPR) simplifies the collection of domain contact data: only the owner data (Reg-C) is required.

The entries for Admin-C and Tech-C are no longer mandatory and are therefore no longer transmitted to the registry by IONOS.

You can overwrite existing domain contact data by updating the Reg-C data. Please note that any stored telephone and/or fax numbers will also be overwritten.

  • Log in to your IONOS account.
  • Click on Domains & SSL.
  • Select the domain that you want to update the contact details for by clicking on the 3-dot menu in the corresponding line.
  • Select Actions > Privacy & contact details.
  • Click on Edit.

Take website temporarily offline

If you are not sure whether your website fulfills the GDPR guidelines, you can take it offline temporarily at any time until you have made the necessary adjustments. Popular content management systems, such as WordPress, usually have a built-in maintenance mode or corresponding plugins that take over this function.

Alternatively, you can block all or part of your web space, as described in the Help Center article "Setting up protected directories in webspace". The disadvantage of this method is that visitors to your website will only see an uninformative screen for entering a username and password when first accessing the page.
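For a site you run yourself rather than through a CMS maintenance plugin, the following Node-style gate is added as an example (not IONOS code) of a maintenance mode that avoids the drawback just described: visitors receive an explanatory HTTP 503 page with a Retry-After header, which search engines treat as a temporary outage, while you keep access from your own address to finish the adjustments. The settings object and the admin address are assumptions for the example; the address is read from the socket, not from a client-supplied header.

```javascript
// Added example (not IONOS code): a maintenance gate that returns a clear 503
// notice to the public while still admitting the operator. The settings below
// are constructed for the example; the admin address is a documentation IP.
const maintenance = {
  enabled: true,
  retryAfterSeconds: 3600,
  adminIps: new Set(['203.0.113.10']),
};

const MAINTENANCE_NOTICE =
  '<!doctype html><html><head><meta charset="utf-8"><title>Maintenance</title></head>' +
  '<body><h1>We are updating our website</h1>' +
  '<p>The site is temporarily unavailable while we update how personal data is handled. ' +
  'Please try again later.</p></body></html>';

// Returns the 503 response to send while maintenance is on, or null when the
// request may proceed. The caller's address is taken from the TCP socket;
// X-Forwarded-For is deliberately not consulted because a client can set it.
function maintenanceGate(req, cfg = maintenance) {
  if (!cfg.enabled) return null;
  const clientIp = req.socket && req.socket.remoteAddress;
  if (clientIp && cfg.adminIps.has(clientIp)) return null;
  return {
    status: 503,
    headers: {
      'Retry-After': String(cfg.retryAfterSeconds),
      'Content-Type': 'text/html; charset=utf-8',
      'Cache-Control': 'no-store',
    },
    body: MAINTENANCE_NOTICE,
  };
}

// Constructed sample requests in the reduced shape of Node's IncomingMessage.
const visitor = { url: '/', headers: {}, socket: { remoteAddress: '198.51.100.7' } };
const operator = { url: '/', headers: {}, socket: { remoteAddress: '203.0.113.10' } };
console.log(maintenanceGate(visitor).status); // 503
console.log(maintenanceGate(operator));       // null
```

Run the gate before any route, like the HTTPS gate: a non-null result is sent as-is and the request stops there. Setting `enabled` back to false reopens the site without touching the web space or its directory protection.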