
Data protection for e-commerce

Building a high-turnover online shop - many companies have already discovered this sales opportunity for themselves. But with an online shop you also have to be on the safe side legally.

The online retailer must inevitably deal with terms and conditions, the imprint, the declaration of revocation and other topics. Without a legal examination of these key points, there is a risk of warnings. Operating an online shop also requires intensive consideration of data protection issues!
Use the advantages of heyData and receive your non-binding offer.


Without data protection - no e-commerce

There are two main reasons why companies shouldn't treat data protection as secondary when running an online shop:

Legal requirements in the area of data protection also apply to the use of a shop system. Compliance with these legal requirements is monitored by the legislator, the data protection authorities, the consumer advice center and also by your competitors.

Without handling your customers' personal data in accordance with data protection regulations, you will lose credibility and image. Surveys have shown that customers break off contractual relationships with companies that do not comply with data protection requirements. Customer churn is therefore not unlikely without a well thought-out data protection model!


E-commerce - the customer will be transparent

No online shop can exist without collecting personal data. In online trading, the customer must disclose his personal data in order to be able to successfully complete the order process.

This data collection basically includes:

- the name of the purchaser
- address data (address & Co.)
- account information

Most shop systems will, however, request significantly more data, which is processed internally by the provider. These data are all personal data and are all subject to the GDPR.

Since shop systems work and process data automatically, it is essential to set up the process in a way that complies with data protection regulations. If customer data is handled improperly, there is a risk of fines from the authorities, expensive warnings, other sanctions and a catastrophic loss of image (the press currently readily picks up data protection violations as headlines ...).

heyData - our services for your online data protection

heyData offers you the secure opportunity to guarantee your customers a data protection compliant shopping experience. We would be happy to provide you with a professional, external data protection officer so that you can concentrate on your core business in a relaxed manner. We take over your data protection tasks for you.

The tasks are varied. They start with the data requested in the check-out process. This data must be examined, because too much data must not be requested without reason. The marketing tracking tools in use are also checked for legally compliant use. These and other data protection-specific topics are carefully examined by our data protection officer during the first inventory.

The aim of our work is that the customer has submitted all personal data - when checking out from the online shop - in a legally secure manner and that further processing is on a reliable basis.


Data protection in online trading

Data protection in online trading protects customers, but also harbors a number of tasks and problems for online providers. Just offering a privacy policy is not enough.

Our external data protection officer studies and illuminates a large number of points relevant to data protection:

- the privacy policy

- the cookie banner

- the correct encryption of the website (see lock in the browser)

- Forms (data economy as a requirement of the GDPR)

- Opt-in and opt-out (customer consents)

- Newsletter (is it possible to send it?)

- the use of evaluation tools

- Data protection compliant customer loyalty

- Social media plugins (data protection compliant social media marketing)

- AV contracts (order processing contract)

- Directory of processing activities

- Concept for data erasure

- legally compliant answering of customer questions

- dealing with data breaches (workflow)

These are just a few of the points that must be considered for the correct data protection of an online shop. Note that every shop and every company has different processes and an individual focus. There is no out-of-the-box solution or generally applicable procedure! With an external data protection officer, heyData offers you the solution that turns your shop system into a data protection-compliant platform.

At the beginning of our partnership, we will carry out an inventory with you and examine all areas relevant to data protection. You will then receive a written evaluation and we will give you specific tips for improvement. Our data protection officer will always be a serious contact for you and will help you discover and close the data protection gaps. This means that you are well protected from costly fines and can concentrate on your day-to-day business.

Online shopping data protection - heyData regulates your information obligations

Do you know the right to information or the right to deletion? You don't need to - the heyData data protection officer does this job too! Our data protection officer knows all the obligations and deadlines of the right to information and will give you professional advice. Do you know which data you can or must keep for how long? No? Your heyData data protection officer knows his way around and is happy to help!

Various deadlines must also be adhered to here. A request for information must be processed and answered within one month. Our external data protection officer always has these deadlines and possible deadline extensions in mind. If you wish, he will take over communication with the other party and will not disrupt your day-to-day business or get in your way.


Data protection as a service from heyData - legally compliant, serious, secure

The heyData data protection officer will keep an eye on the following points for you in the event of a request for information:


- the processing purposes of the respective data
- the categories of personal data that you process
- the recipients of the data
- the retention period
- the existence of a right to correction or deletion
- the existence of a right of appeal to a supervisory authority
- the origin of the data
- whether there is automated decision-making

Data protection in online shopping - heyData finds your way

The above points only reflect a fraction of the work to be done if you want to operate a legally compliant online shop. Data protection is not just a question of ethics here, but also a legal and marketing-related task. The external data protection officer from heyData will work with you to develop a professional and transparent solution. The external data protection officer will always be at your side as a contact person for you and your employees. 

The external data protection officer - a demanding topic, but always practical

You and your employees will also shop online on the Internet. Here you will pay attention to security, a serious demeanor and legal bases. The data protection officer at heyData thinks in a practical way and has industry knowledge. This is what you would like your partners to do too. The external data protection officer from heyData already knows your tools and data processing applications. We help you so that new customers become convinced existing customers and your image remains popular and unassailable.

Trust the professionals when it comes to data protection within your online shop - rely on heyData as your own external data protection officer!


Why do you need data protection in e-commerce?

The more relevant the technology becomes, the more the use of e-commerce increases. Big or small, all types of online retailers are responsible for ordering goods through to delivery. In order for customers to properly receive the products or services they have purchased, online retailers are particularly reliant on keeping customers' personal information secure, including:

  • Full name
  • Address
  • Email address and telephone number
  • Account information

E-commerce in particular is severely affected by the General Data Protection Regulation (GDPR). The processing of customer data happens regularly and can end negatively for online retailers due to careless handling. The requirements of the GDPR must therefore be observed in order to prevent consequences such as damage to the image, loss of trust and fines. It is therefore crucial that sensitive customer data is handled carefully and transparently in accordance with data protection measures.

Choose heyData and benefit from your personal and professional contact, who ensures data protection compliance at all levels and at the highest level.


Do I need a data protection officer?

If you and your company meet one or more of the following criteria, then YES:
- Your company employs more than 20 people
- The employees regularly process automated data
- Special categories of personal data are processed in the company, such as ethnic origin, political opinion, religious conviction, health or the person's sex life
- Business-related personal data is transmitted, collected, processed or used and this represents a core activity of the company (this is the case with almost all companies that are related to personnel, e.g. software, recruiting, headhunting, consulting, etc.) 

What are personal data?

According to the GDPR, personal data is all information that relates to an identified or identifiable natural person. A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a location or other features. In practice, this includes all data that can be assigned to a person in any way. Examples of this are telephone numbers, ID numbers, account details, license plates, customer numbers, e-mail addresses or postal addresses.

How does heyData work?

As soon as you have decided to work with heyData, after an initial needs analysis, we will carry out a data protection audit with your company in order to understand the processes of your company holistically - this process is digitally accompanied and supervised by the data protection advisor. We will then work with you to prepare the necessary documentation and, if necessary, adapt the website of your company according to our instructions, should there be a need for changes in order to achieve conformity. Depending on the package, we are then involved in a wide variety of processes in your company that require the expertise of a data protection officer to protect you in all matters; this usually extends to HR, marketing, product but also business development processes.

How long is the contract term?

The regular contract term is 24 months.

What is done in the data protection audit?

The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this so that the positions, the type of data processed and the persons responsible are also available as a diagram at any time.