Order data processing
Web hosting, web design, programming as order data processing
With every customer who has had websites programmed or provided on the Internet via TBA-Hamburg/-Berlin since 2018, often including. of its email accounts belonging to the domain, we conclude a commissioned data processing contract in accordance with the GDPR.
Since questions often arise in this context, we try to explain here what this contract is, why and what you need it for.
This article is not legal advice and is not a substitute for legal advice.
What is at issue?
Since the new data protection law (GDPR), there are new rights and obligations for website operators. On the one hand, the website must be operated in a technically and contentwise data protection-compliant manner. And if you have commissioned an external service provider to make the website available on the Internet (web hosting), a commissioned data processing contract must be concluded with this provider. Because through his activities, he has at least access to the IPs of the website visitors (IPs are considered personal data), but mostly also to a lot of other data relating to the website and the e-mail accounts.
Conclusion: As soon as you create your homepage via the TBA as an external service provider and / or make it available online, or have your e-mails managed by the service provider, you need a contract for order data processing (ADV contract) with this service provider. There are drastic fines if you fail to do so.
The TBA-Berlin has of course prepared order data processing contracts for all customers. Please contact us if you do not have a contract yet.
- Delimitation of commissioned data processing: when yes, when no:
lda.bayern.de – FAQ_Abgrenzung_Auftragsverarbeitung.pdf
- Contracting authority in the obligation:
- In the case of web hosting, website operators must have an order processing contract with the web host:
Contribution of the data protection provider ActiveMind.de – Order processing – Fines