On 25 May 2018 the EU General Data Protection Regulation (GDPR) came into force as a European regulation in the EU member states. The regulation has direct effect and takes precedence over national laws (such as the German Federal Data Protection Act). The GDPR comprises rules regarding data protection and affects every business. Its aim is to protect citizens. In addition to reporting and documentation obligations subject to criminal prosecution, it also contains obligations to provide information. Everyone has a right to know what data is stored about them. Operators of websites must also comply with the GDPR. This not only concerns the constitutionally compliant structure of a website but also the corresponding presentation of the content. It must be unambiguously clear to every user who processes personal data on the website and for what purpose.