07/2018 – Ready for the GDPR from the perspective of website operators
With the entry into force of the European Data Protection Regulation (EU-GDPR) on 25 May 2018, the fear of warnings and fines has increased significantly, especially for small and medium-sized enterprises (SMEs). However, only time will show the actual impact on website operators and SMEs. Risks can be minimised though if one knows the new legal basis and is able to react to it at short notice if necessary.
The most important thing to know is that the GDPR affects everyone, including you! Whether privately or professionally, everyone deals with personal data in some way and should therefore be familiar, at least in broad terms, with the almost uniform Europe-wide data protection rules. The good news is: Since large parts of the GDPR are based on the strict German data protection law, you will probably already know some regulations.
Our recommendation to website operators is to pay particular attention to the principle of data minimisation. In this context, we have reduced the scope of collecting and processing personal data to an absolute minimum as well. Moreover, we completely refrain from using external analytical tools. However, if you cannot refrain from gathering certain data and integrating external services, you should bear the following in mind:
Data minimisation: Only personal data that are absolutely necessary for the purpose may be collected. For instance, to register for a newsletter, only a valid email address is absolutely necessary; neither name nor date of birth or the like is required.
Purpose limitation: The purpose for the collection, storage and processing of personal data must have been previously clearly defined and may not be changed or extended without separate consent.
Prohibition with permission: Personal data may not be collected, stored and processed unless there is a clear legal basis or consent of the person concerned.
Data transfer: Personal data may never be shared with third persons or passed on to third parties without explicit permission. A particular challenge for website operators is the integration of non-European services such as Google Analytics.
Order processing: You should conclude an "order data processing contract" with any external service provider who comes into contact with the personal data you have collected from your customers, which obliges each external provider to treat these data in accordance with the GDPR as well.
Encryption: In the case of web forms, logins, contact forms or shop orders, personal data must be transmitted with SSL encryption (https://).
Documentation and accountability: As a website operator, you are obliged to record processes which are connected to personal data in directories and to provide them on request to regulatory agencies.
Obligation to inform and report: As a website operator, you are generally obliged to provide free information about stored personal data. In addition, you must report the loss of personal information to supervisory bodies immediately in order to minimise or avoid fines. Non-compliance with the new data protection rules will also be fined.
Data Protection Officer: If your company has at least ten employees who are permanently involved in the processing of personal data, you must appoint a data protection officer who oversees all operations and acts as a link between operator and supervisory authority.
With these briefly summarised key regulations, we would like to support you in their implementation and hope that we have given you a good introduction and overview. For questions and suggestions, we are always happy to help, and we wish you all the best and every success for your website! [Source: Kompac't 1/2018].
04/2018 – Our proposal regarding the DSGVO: Data minimisation comes first!
Instead, the behaviour of users visiting our website is analysed in fully anonymised form and exclusively internally by ourselves with the open source web tracking tool Piwik. This means, in contrast to the use of Google Analytics, that collected data is never transferred to and/or used by any third party. In this way, we can also guarantee that all data is stored exclusively on servers in Germany and thus never transferred to any country with possibly questionable data protection regulations.
12/2017 – 2018 will be all about IT security and the implementation of the EU GDPR
According to the latest report "IT security and privacy 2017" of the National Initiative for Information and Internet Security (‘Nationale Initiative für Informations- und Internet-Sicherheit e.V.’ NIFIS), protecting and securing data is and will remain the most important issue for the German economy. As a result, the sensitivity to this topic will continue to grow inexorably. For the report, 100 executives and specialists from the IT industry were interviewed and their responses evaluated.
Multiple answers were possible to assess the trends of the future. 95 percent of the respondents believe that increasing awareness will determine 2018. 94 percent of them see the protection against hacker attacks as trend-setting. The implementation of the EU General Data Protection Regulation (GDPR) will determine the next year according to 92 percent of the respondents.
Many of the data protection principles and concepts of the GDPR largely correspond to the previously valid EU data protection directive 95/46/EC. Their regulations were implemented in Germany with the German Federal Data Protection Act (‘Bundesdatenschutzgesetz’ BDSG). The provisions of the BDSG for companies are largely replaced by the provisions of the GDPR.
Since the new provision is an EU law, it is directly valid in all Member States and does not have to be implemented at the national level. Following the transitional period settled on 25 May 2016, the EU GDPR will apply two years after its entry into force, so that it will apply to everyone as of 25 May 2018. As a result, developers, programmers and above all software architects will have to rethink security and privacy by design.
[Sources: http://www.nifis.de/uploads/media/NIFIS-PI1612AD-Trends-2017-Datenschutz.pdf, https://www.finanzen.net/nachricht/aktien/trendstudie-2018-steht-ganz-im-zeichen-der-it-sicherheit-5790188, http://www.nifis.de/veroeffentlichungen/news/article/studie-ausg/ – further information: https://dsgvo-gesetz.de/]
11/2017 – Our new video for the campaign "More Internet Security" is available now!
Just in time for our anniversary and on the occasion of the transition from Zarafa to Kopano, we have updated our video for the campaign "More Internet Security" and are pleased to present the result here. Based on the DANE (DNS-based Authentication of Named Entities) and DNSSEC (Domain Name System Security Extensions) protocols, aixzellent has developed various solutions to secure your data in the best possible way. The protocols use origin authentication to ensure that no invisible third party (man-in-the-middle) can interfere with, intercept, or even steal data. On the one hand, small and medium-sized enterprises (SMEs) in particular are often faced with a major challenge due to a lack of resources and know-how. On the other hand, data loss can be very expensive, particularly for SMEs, with far-reaching consequences that can even threaten their very existence. In addition, the dangers of increasing digitisation are steadily growing in frequency and sophistication.
Therefore, we have made it our business to offer tailor-made solutions for such companies at affordable prices with first-class service. An overview of our offer can be found here. What is special about each of our solutions is that they are designed specifically for you based on what you need. In that way we can guarantee the highest level of individuality and that you will only get and pay for what you really need. In a personal conversation we take the time to advise you free of charge and without any obligation. Please do not hesitate to contact us.
10/2017 – We celebrate our five-year company anniversary – celebrate with us!
After the brand aixzellent had been registered successfully in the German trade mark register in the late summer of 2012, we published our first news article on our new website five years ago. Since then, we have regularly reported on news, trends, threats, questions and products around the IT area. As a managed hosting provider, our focus is on data protection, encryption and secure, cost-efficient solutions for small and medium-sized enterprises (SMEs).
As a successful IT service provider, we bundle our knowledge, our passion and our experience to advise our customers and to design tailor-made open source solutions. What distinguishes us from other well-known hosting providers is our effort to offer our customers the highest level of security AND individuality at affordable prices. At the same time, we protect your data and systems 24/7 and assist you with advice and active support whenever needed.
We warmly invite you to celebrate this joyful event with us and to continue to benefit from our services in the future. And it pays to be quick! Our exclusive anniversary offer will save you the monthly costs for all starter and premium solutions up to 31-03-18! In addition to that, we grant you a special reduction on the set-up fee (starter 19€* instead of 29€* & premium 49€* instead of 99€*) for the implementation and installation of your aixzellent solution. After the 24-month term, the contract may be terminated on a monthly basis.
Are you not sure which solution suits you best, or do you still have questions? No problem, we will advise you without any commitment and free of charge! Please do not hesitate to contact us at any time. You can find an overview of our starter and premium solutions here. We thank you for your trust and loyalty and look forward to the next years of successful cooperation with you!