GDPR: The EU Regulation and Your Jimdo Website
Jimdo offers you the technical framework to create your own website including an online shop.
Correspondingly, the following information is general in nature and not to be understood as legal advice. Should you at any time have specific questions or encounter specific problems, we strongly recommend that you contact a lawyer or a data protection expert.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation that enters into force on 25th May 2018.
The GDPR is a Europe-wide uniform directive that concerns the topic of data protection. The goal is a more secure and more economical use of personal data. The GDPR will affect almost every website operator that works with personal data, from small one-man businesses to large international corporations. The GDPR contains some basic principles that make it easy to determine what the objective of this new regulation is.
Principles of the GDPR
You may only process data in accordance with the law.
A ban failing authorisation:
This means that any processing of personal data is prohibited except where permitted by law.
Purpose limitation means that data must be used or processed solely for the purpose it was obtained for or that was agreed upon. So you have to specify in advance what data you want to use and what it will be used for. Of course, all of this must be documented.
Data minimization and storage limitation:
You may only collect data for a particular purpose. Simply storing all data on reserve is not permitted. Of course a data deletion concept detailing how long you store data and when it is deleted is also included under this principle.
Integrity and Confidentiality:
You have to ensure that the data you store is protected against unauthorized processing, access, destruction, alteration or loss.
You can find the full legal GDPR text here:
Further information can be found at:
What changes for me and what do I have to consider as a website operator?
As the owner or operator of your Jimdo website, you’re still responsible for all content, the data collected and for compliance with all legal requirements. Nothing in the GDPR changes this.
Am I affected by the GDPR?
GDPR concerns above all the protection of personal data. Personal data includes:
- First name, Surname
- Email address
- Phone number
- Bank account
The definition of personal data has been extended by the GDPR and now also includes data such as:
- IP address
The above-mentioned extension of the definition of personal data ensures that virtually all website operators have to review their website and adapt it if necessary. This also applies even if there’s no online shop on the site. A website is affected by the GDPR if:
- IP addresses of website visitors are transmitted and stored via the website
- There’s a comment function with an option to display or enter email addresses on the page
- Visitors to the website can comment on pages or posts
- There’s a contact form on the page
- There’s a subscription signup or a newsletter subscription
- The site operator analyzes the behavior of visitors using tracking and cookies
- Social media plugins are present on the site, which are not compliant with data protection, i.e. via a two-click solution
First off, ask yourself the following questions:
- What data do I collect / process / use on my Jimdo website?
- For what purpose and why do I collect this data?
- How do I collect this data?
- Do I have a contact form? A guestbook? A blog?
- Do I use Google Analytics or any other analytics or statistics tool on my site? Note: This includes the statistics function in the CMS.
- Which widgets did I integrate on my site?
- What about child safety?
- What services / products do I sell on or via my Jimdo page?
- Will products be created via my Jimdo page?
Feel free to check out this helpful checklist provided by the Information Commissioner's Office.
In other words:
There are several browser add-ons that can assist you in this respect (such as Ghostery, Privacy Badger etc.) and will display the cookies being used and the services you have integrated on your Jimdo page.
It's also a good idea to review the data categories, processes, procedures, and associated obligations that you set with a data protection expert or legal counsel.
Only then can you judge exactly whether or not you observe the basic principles of the GDPR and how you can properly prepare yourself for the 25th May 2018.
- The purpose or reasons for the data processing
- The name and contact details of the person responsible and also of the data protection officer
- The legal legitimacy for the data processing
- The recipients of the data
- The retention period of the stored data
- The intention to transfer the data to third parties, possibly also in a third country or internationally
- The rights to information and / or deletion of data
- The right of appeal to the data protection supervisory authority
The GDPR and Google Analytics
The general rule:
If you use the Jimdo statistics function or your own Google Analytics account for the Google Analytics function provided by Jimdo, then you don’t have to worry about the opt-out and the IP address anonymization, as we’ve already implemented this for you.
The Jimdo Statistics function
The statistics function provided by Jimdo is based on Google Analytics. If you only use this feature, collecting your website visitors' data is part of your data processing agreement and contract with Jimdo. It's enough to sign the contract for the data processing with Jimdo, because Jimdo has in turn signed a similar contract with Google.
Your own Google Analytics account
If you use your own Google Analytics account, please sign the data processing contract directly with Google.
You can sign the contract directly in your Google Analytics account. Simply go to your "Account Settings," scroll down and click on "Show addendum". Agree with the addendum and save the whole thing.
What is Jimdo doing?
Together with our Data Protection Officer as well as the Hamburg Supervisory Authority for Data Protection we are working intensively towards implementing a GDPR compliant solution at Jimdo. Such solutions and their implementation necessarily take time, as we’re sure you’re experiencing with your own preparations. Of course these changes include a review of all data protection and information security practices at Jimdo as well as a review of the Jimdo website builder platform and correspondingly some necessary changes.
What about changes or adjustments to the technical framework?
If we make changes or adjustments to the technical framework, we’ll keep you updated via the Jimdo newsletter, our blog or Facebook channel.
Of course, you can always contact us with specific questions. Please note, however, that we’re not permitted to offer legal advice. It’s best to send us your request along with the recommendation or legal basis of your lawyer or data protection expert.
We look forward to informing you about the solutions currently available with Jimdo and to discussing the exact legal basis and possible technical changes.
Here are some examples of technical changes we’re working on:
- Privacy compliant integration of Google fonts
We understand that the GDPR and its correct implementation at the moment raises many questions and generally causes uncertainty. Of course, we’ll keep an eye on developments in this area and gather as much information as we can in order to help our users with these questions, where possible.
Should there be any specific questions regarding the design or technical implementation of your online service, we’ll be happy to assist you and your lawyer at any time.