Online Shop / E-Commerce
Selling online means regulatory obligations stack up fast.
E-commerce sites process payments, ship goods, and handle customer data at scale. This triggers GDPR, ePrivacy, consumer protection law, and potentially NIS2 if you exceed size thresholds.
Reality check
If a data breach exposed your customer database tomorrow, could you notify the authorities within 72 hours?
GDPR (General Data Protection Regulation)
Mandatory. Relevant articles: Art. 6(1)(b), Art. 20, Art. 33, Art. 35
Your obligations
- Legal basis for order processing (Art. 6(1)(b) contract)
- Separate consent for marketing beyond order fulfillment
- Right to data portability for customer data
- Breach notification within 72 hours (Art. 33)
- Data retention policy (don't keep data forever)
- DPAs with payment providers, shipping, analytics
SiteGuardian monitors this
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risk of non-compliance
Fines up to 4% of global turnover. Customer lawsuits. Payment processor sanctions. Loss of merchant account.
ePrivacy Directive (Cookie Consent)
Mandatory. Relevant article: Art. 5(3)
Your obligations
- Cookie consent for all non-essential cookies
- Separate consent for remarketing/retargeting
- No pre-checked consent boxes
SiteGuardian monitors this
- Pre-consent cookie and tracker detection
- Cookie banner presence and configuration analysis
- Reject option validation
- Consent mode compatibility check
Risk of non-compliance
Advertising spend wasted on non-compliant targeting. Platform bans (Google, Meta) for consent violations.
NIS2 Directive (Cybersecurity)
Conditional (depends on company size). Relevant articles: Art. 21, Art. 23
Your obligations
- Risk management measures (Art. 21)
- Incident reporting within 24h (Art. 23)
- Supply chain security assessment
- Business continuity planning
SiteGuardian monitors this
- 24h/72h/1m incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risk of non-compliance
Applies if >50 employees or >€10M turnover. Management liability. Fines up to €10M or 2% of turnover.
European Accessibility Act (EAA)
Mandatory. Relevant articles: Art. 4, Art. 13, Art. 31
Your obligations
- Accessible checkout process
- Product information in accessible formats
- Accessible customer service channels
SiteGuardian monitors this
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risk of non-compliance
E-commerce services must comply from June 2025. Customers can file complaints with market surveillance.
Does this affect you?
If you answer "yes" to 2 or more of the questions, these regulations very likely apply to your company.
See where you stand
Our free scanner checks your website's security posture: SSL, headers, email authentication and more. No account required.
Scan your shop's security posture
This page provides general information on EU regulatory frameworks. It does not constitute legal advice. For advice tailored to your situation, consult a qualified lawyer. SiteGuardian documents your monitoring continuously; compliance remains the responsibility of your organization.