Hi european Weblow Users and Webflow staff,
Only 3 weeks remaining and i am getting stressed more and more by the fact that my webflow sites are far from gdpr complient.
Points which are a big questionmark for me:
In the blog post you (webflow) explains what a data processor and a data controller is. But it seems like that you are ignoring completely the fact that you are the data controller for every visitor of my webflow hosted sites also.
Simply because you are getting and storing IP addresses of my visitors in your Server Log Files etc.
IP’s are in fact personal data in the gdpr context https://eugdprcompliant.com/personal-data/
As US Company you need to be certified AND i need a Data Processing Agreement with you.
Will such an Agreement be provided until 25. May?
Are there your business’ sites, or are there your client’s sites?
If it’s your client’s sites, you’re fine. You have nothing to do, nothing to tell thm, it’s not really your business, not your responsibility, not your fault. What you should do is to just inform your clients about GDPR and let them deal with it. Wait for orders from them, and those orders should come from their lawyers.
GDPR is a very serious legal thing, designers should not act on it, give advices, seek advices. Again, this is a legal thing, this has to be handled by lawyers and them only.
So, you should not be stressed, it can’t be your duty nor your responsibility to make sites compliant to GDPR.
The upcoming date isn’t the law entering in action, it’s enforcement entering in action. Those laws have been there for years and big companies acted years ago.
Both! Clients sites and my own sites.
Sorry Vincent this is definitly wrong! I don’t know if you are affected from the gdpr regulations. But as a webdesigner in europe you are in absolute liability if your clients website is not law conform.
Also you need to inform the clients about the upcoming changes AND possible problems on his site. And of course you need to act if something obvious is not gdpr conform and the client want to have it changed.
Anyway. I have webflow hosted projects which belongs to me too. And i need them conform. This is my responsiblity.
Your last sentence is far away from reality. Most big companies are acting right now. See webflow, mailchimp, cloudflare and so on. But some are not or not completely.
I don’t see how GDPR is the web designers issue once it’s built and from what I’ve read and learnt, I am not in absolute liability if the clients website is not GDPR compliant. That’s down to the client to hire me, or someone appropriate to make it so.
If I built 2/3 or 5 years ago and have nothing to with it, is it my problem? Even if they pay me for hosting? No. It’s up to them to make sure their company is GDPR compliant.
For future builds, I will write in the contract somewhere that I am not responsible. The same as if the client supplies images and they’re not copyright free. It’s in the contract that it’s their responsibility to make sure they are.
It’s so far away from being black and white, that every business is dealing with this differently. The way they all handle data is different.
As Vincent rightly says, don’t advise them, let them instruct… and pay you to make the necessary changes if need be.
I really wish i could confirm you. But unfortunately this is not true. Haha here in germany it happend the exact same example as you give with the copyright images. Client provided non copyright free image to the web designer, the designer put it in and the same designer had to pay 50% of the penalty. This sucks but its reallity.
Court says: He (the designer) is the expert and had to double check for copyright issues. The trial was btw. 2 years after the image was put in.
Same goes for new websites: A web designer MUST deliver legal complient websites and there is now way around that with text passages in the contract. At least here in germany. There are many court cases here. And even though it where possible to exclude some parts of liability in any way. What if the client let the check the final website from a tech lawyer. And the lawyer says:" Oh wait, what about IP’s which goes to webflow? Your web designer need to change this."
But anyway. All i have written doesn’t matter practically because: I run many of own projects on webflow hosting so there is no 3rd person client envolved. I am the client in this case and i need to ensure that my own webflow sites are compliant.
Sorry @vincent, and thanks to @Christoph_Schober, who is right. I fear Law is not a question of … “I didn’t know about”. Law is law.
And it’s not just a thing about Germany, it’s concerning whole Europe and also designers from everywhere, who did sites for European companies. I just wonder, why Webflow @callmevlad is not bringing some update about this.
Friday this week is deadline and at least we need some feedback. I’m sure, the Webflow team knows something about things like:
- A contract with Webflow as data processor
- What personal data is Webflow processing, how and why
- This concerns e. g. IP-Adresses and forms especially.
** How are data, collected with Webflow forms, processed
** Form Mails outgoing from Webflow Servcer supposed not to be encrypted. This could be done with SMTP, but until now, it is not possible to configure SMTP for Form Mail
Would appreciate to have some actual feedback, as the last one was from April 10.