How to give evidence of lawful data processing as required by Art. 5(2) GDPR
The General Data Protection Regulation (GDPR) requires website operators to be able to “demonstrate the compliance of processing activities with this Regulation, including the effectiveness of the measures.” (Recital 74 GDPR).
But how can this be complied with when it comes to software-as-a-service solutions for web analytics, tag management, marketing automation & co.?
Relying only on the providers’ advertising statements is not likely to meet the accountability requirements. A certification in the sense of Article 42 of the GDPR would be great for the solution used, but the supervisory authorities have not yet made corresponding certification available. Therefore, the best option at present is when the provider can present a non-accredited, but independent and renowned certification such as the “ePrivacyseal EU”.
The etracker solutions – etracker Analytics, etracker Optimiser & Signalize – have just passed the comprehensive technical and legal audit for the third time – also under the new TTDSG for the first time. Conclusion of the assessors:
“In cookie-less mode (standard mode), the use of etracker Analytics is legal without any obligation of consent in accordance with the DSGVO and TTDSG.”