GDPR Export Description

General Information

The GDPR export contains all information and results collected by the GDPR scan (the same information as in the Nimbusec compliance monitor).
Information is split into 4 main categories.

All collected information and results were generated before any kind of user interaction with the website was performed. No cookies etc. were accepted when visiting the website (unless the optional cookie banner feature was enabled).

The Excel document itself contains 5 different data sheets.

The "Assets" sheet contains all websites that were scanned for compliance.

Inputs

This section focuses on input forms that handle sensitive data. Our scanner collects all form fields that are present on your web applications.
Simply put: a complete inventory of all input forms on all domains in scope.
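
One way to build the kind of form inventory this section describes, as an added example that is not Nimbusec's scanner code: it lists each form's submission target and fields and flags forms submitted without HTTPS. The PII name heuristic, the sample page and its hostnames are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed heuristic for fields likely to hold personal data (not Nimbusec's rules).
PII_HINT = re.compile(r"mail|phone|tel|name|birth|address|iban|pass", re.I)
PII_TYPES = {"email", "tel", "password"}
SKIP_TYPES = {"submit", "button", "reset", "image"}

class FormInventory(HTMLParser):
    """Collects every <form> on a page together with its input fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page URL itself.
            target = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": target, "fields": [], "pii_fields": [],
                             "method": (a.get("method") or "get").upper(),
                             "encrypted": urlsplit(target).scheme == "https"}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            name = a.get("name") or ""
            ftype = (a.get("type") or ("text" if tag == "input" else tag)).lower()
            if ftype in SKIP_TYPES:
                return
            self._current["fields"].append((name, ftype))
            if ftype in PII_TYPES or PII_HINT.search(name):
                self._current["pii_fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def inventory_forms(page_url, html):
    parser = FormInventory(page_url)
    parser.feed(html)
    return parser.forms
# Constructed sample page: the first form posts to plain HTTP from an HTTPS page.
SAMPLE_URL = "https://shop.example/contact"
SAMPLE_HTML = """
<form action="http://forms.example/submit" method="post">
  <input type="text" name="full_name"><input type="email" name="email">
  <textarea name="message"></textarea><input type="submit" value="Send">
</form><form><input type="search" name="q"></form>
"""
```

Calling `inventory_forms(SAMPLE_URL, SAMPLE_HTML)` returns two records; the first has `encrypted` set to `False` and lists `full_name` and `email` as likely personal data.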


Table fields explained
Next steps based on best practices (work package)
Further Reading

Unencrypted data forms
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e3385-1-1
https://www.mein-datenschutzbeauftragter.de/blog/datenschutz-auf-websites-warum-die-verschluesselung-von-kontaktformularen-etc-wichtig-ist/
https://gdpr-info.eu/issues/encryption/
https://www.ra-plutte.de/gastbeitrag-warum-sie-ihre-website-auf-https-umstellen-sollten/

Personally Identifiable Information (PII)
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e2066-1-1

Third Parties
https://www.usp.gv.at/it-geistiges-eigentum/datenschutz/einwilligung.html
https://dsgvo-gesetz.de/themen/auftragsverarbeitung/
https://www.lda.bayern.de/media/veroeffentlichungen/FAQ_Abgrenzung_Auftragsverarbeitung.pdf

Cookies

This section focuses on the cookies detected on the scanned websites. Since our scanner does not interact with the website, all detected cookies were set before user consent.
-> Full documentation of all cookies set (before user consent) by all scanned web applications.


Table fields explained
Next steps based on best practices (work package)
Further Reading

https://curia.europa.eu/juris/document/document.jsf;jsessionid=F2A804042CAC4FE3D70A00596C6A76D0?text=&docid=218462&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=1686588
https://www.wbs-law.de/it-und-internet-recht/datenschutzrecht/eugh-cookies-aktive-einwilligung-c-673-17-45473/
https://www.wko.at/branchen/information-consulting/werbung-marktkommunikation/eugh-entscheidung-zu-cookies-und-einwilligung.html
https://www.datenschutz.org/cookies/#die-regelungen-fuer-cookies-innerhalb-der-eu
https://www.lda.bayern.de/media/pm/pm2021_06.pdf

Tracker

This section focuses on the internal and external tracking software in use. Our scanner analyses all network traffic that was triggered by initially visiting the web application. As a result, all detected requests were triggered before user consent.
-> A complete list of all tracking technologies used by each domain in scope.


Table fields explained
Next steps based on best practices (work package)
Further Reading

https://dsgvo-gesetz.de/themen/auftragsverarbeitung/
https://gdpr.eu/privacy-notice/

Content

This section focuses on company-specific compliance items that were individually defined with the project team.
-> Full documentation of which domain violates the defined rules.

Table fields explained
Next steps based on best practices (work package)

Revision #2
Created 13 April 2022 11:16:30 by Simon Schwendtner
Updated 22 April 2022 06:00:04 by Simon Schwendtner