Lesson 3

Data protection declaration

Every website should have a GDPR compliant data protection declaration. You must ensure that your data protection declaration meets all requirements.

Criteria for your data protection declaration

Similar to imprints, the data protection declaration must be easy to find. That means that it must be visible directly on your website - not only after navigating 3 clicks. In addition, it must communicate clearly in plain language which data is collected on the website and how it is processed.

Information that belongs in your declaration

The basis for your data protection declaration are your records of data processing activities. This will now come in handy as the most important element of a data protection declaration is a listing of which data you process, how you process it and with whom.

The following aspects should also be included:

One of the most important things is the name and address of the website operator. Should you have a compulsory data protection officer (compulsory in Germany from 10 employees), you must also provide further information on how to contact him.

This is information about disclosure, correction, erasure, processing limitation, data transferability, and the right to not be profiled. A passage about the right to withdrawal of consent and the right of appeal of supervisory authorities also belongs here.

Here, you should clearly state the erasure dates of the data that you store. For more information, see chapter 9.

Finally, give information about how you use cookies and explain the possibility of an opt-out.

List exactly which data is extracted, saved and also transferred to third parties. Do this as transparently and precisely as possible. If you are processing data on the basis of a legitimate interest (e.g. Google Analytics), mention this here.


As soon as you have compiled all the content, you can also in principle formulate the data protection declaration yourself. However, it is more advisable to have this taken care of by a specialist lawyer, since investigating lawyers will actively search for gaps and formal errors in your data protection declaration.

The investment in a specialist lawyer makes sense to me when you take the impending penalties into consideration.

My recommendation:
Let a professional advise you about this. While there are also data security generators who can support you, they often don’t include all the tools that you personally use. More importantly: You also bare responsibility here yourself as they always have a liability disclaimer.

To be on the safe side, you should therefore have a data protection declaration individually prepared for you by a lawyer. This way, your lawyer will be liable, not you. Considering the potential costs that could come from paying a fine, this is money very well spent.

Downloads / Learning materials

Checklist for your privacy statement


←To lesson 2

To lesson 4→

Overview Lectures

Switch quickly and easily to all lessons of the course.

Course Overview
Lesson 1 GDPR basics - definitions
Lesson 2 Data protection
Lesson 4 Data processors
Lesson 5 Email marketing
Lesson 6 Lead magnets & coupling prohibition
Lesson 7 GDPR compliant tracking
Lesson 8 Internal handling of data
Lesson 9 Information request
Lesson 10 GDPR and Digistore24

We would like to expressly point out that this online course in no way replaces legal advice from a specialist lawyer and has no claim to correctness or completeness. 

www.digistore24.com | Impressum | Privacy policy

English | German

Made with Coachannel Badge