Website Guides
56+ practical guides on GDPR, accessibility, security and EU e-commerce law — written for small businesses.
Editor's picks
Free Stock Photo Sources for Business Websites
Find free stock photo sources that are safe for commercial use on your business website. Unsplash, Pexels, Pixabay and more, with license details.
9 min read
Editor's pickAI-Built Website Liability Under EU Law
Cursor, Lovable and ChatGPT helped build your site. The GDPR controller is still you. What the AI Act, EDPB and 9 Dec 2026 actually change.
9 min read
Browse by topic
GDPR & Privacy
AI-Built Website Liability Under EU Law
UpdatedCursor, Lovable and ChatGPT helped build your site. The GDPR controller is still you. What the AI Act, EDPB and 9 Dec 2026 actually change.
9 min read · Updated May 2026
Complete GDPR Website Audit: Step-by-Step Checklist
UpdatedA step-by-step GDPR audit checklist for your website. Check cookies, tracking, privacy policy, forms, third-party services and security in one pass.
10 min read · Updated Apr 2026
Contact Form GDPR Requirements: Article 13 Compliance
UpdatedWhat a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
9 min read · Updated May 2026
Cookie Banner Requirements Under EU Law (2026 Guide)
UpdatedCookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
9 min read · Updated May 2026
Data Breach Reporting Under GDPR: 72-Hour Notification
UpdatedReport a personal data breach under GDPR Article 33: the 72-hour clock, when notification is required, what to file and when to tell affected individuals.
10 min read · Updated May 2026
Data Processing Agreement (DPA): Article 28 GDPR Guide
UpdatedWhen a third-party service needs a Data Processing Agreement under GDPR Article 28: required clauses, common processors and how to handle DPA refusal.
8 min read · Updated May 2026
Do I Need a Cookie Banner? EU Decision Guide
UpdatedSimple decision guide for EU businesses: when does your website actually need a cookie banner? Three questions to find out, with the legal basis explained.
8 min read · Updated May 2026
GDPR Compliance Checklist for Your Website (2026)
UpdatedA practical GDPR checklist for small business websites. Check cookies, privacy policy, consent forms, and tracking scripts.
12 min read · Updated Apr 2026
GDPR Data Retention Periods: Article 5(1)(e) Guide
UpdatedHow long can you keep personal data under GDPR? The Article 5(1)(e) storage limitation principle and retention periods by data category for EU businesses.
9 min read · Updated May 2026
GDPR for Restaurant Websites: A Practical EU Guide
UpdatedGDPR for EU restaurants: reservation systems, Google Maps embeds, menu photo rights and delivery widget trackers. Four fixes that close most of the risk.
6 min read · Updated May 2026
GDPR Records of Processing: Article 30 Template
UpdatedBuild the Article 30 GDPR record of processing activities. Who is exempt, what to include, controller vs processor versions and a ready-to-fill template.
8 min read · Updated May 2026
Google Analytics and GDPR: Is GA4 Legal in the EU? (2026)
UpdatedCan you use Google Analytics 4 in the EU? The consent requirement, the EU-US DPF transfer mechanism, Consent Mode v2 limits and cookieless alternatives.
10 min read · Updated May 2026
Google Fonts and GDPR: How to Stop the IP Leak
UpdatedLoading Google Fonts from Google's servers sends visitor IP addresses to the US. A German court fined a website owner for this. Here's how to fix it.
9 min read · Updated Apr 2026
How to Create a Privacy Policy (Free Generator + Guide)
UpdatedCreate a GDPR-compliant privacy policy for your website. Use our free generator or follow this guide to write one yourself.
9 min read · Updated Apr 2026
YouTube Embed and GDPR: Cookie-Free Approaches
UpdatedStandard YouTube embeds place tracking cookies before consent. Two compliant patterns under GDPR: youtube-nocookie.com and click-to-load facade, with code.
7 min read · Updated May 2026
GDPR Fines for Small Businesses: Real Cases and Amounts
UpdatedReal GDPR fines for small businesses run from about 1,000 to 50,000 EUR. See published regulator decisions, what triggers enforcement and how to avoid it.
9 min read · Updated May 2026
Google Maps Embed and GDPR: The Compliance Problem
UpdatedEmbedding Google Maps sends visitor IP addresses and browsing data to Google without consent. Here are GDPR-compliant alternatives.
5 min read · Updated Apr 2026
Product Liability Directive 2024/2853: 9 Dec 2026
UpdatedDirective (EU) 2024/2853 makes software and AI 'products' for strict liability on 9 Dec 2026. What it means for SMBs, and what it does not change.
9 min read · Updated May 2026
The EU AI Act for Website Owners (2026)
UpdatedArticle 50 applies 2 Aug 2026. For most SMB sites it creates almost no new obligations. Here's the honest checklist before the deadline.
11 min read · Updated May 2026
Accessibility
Does the European Accessibility Act Apply to Your Business?
UpdatedThe EAA became enforceable in June 2025. Find out if it applies to your business, what it requires and what happens if you don't comply.
9 min read · Updated Apr 2026
EAA Penalties: What Happens If Your Website Isn't Accessible
UpdatedThe European Accessibility Act is enforceable. Here are the penalties for non-compliance and what enforcement looks like in practice.
9 min read · Updated May 2026
Accessibility Statement: What It Is and How to Write One
UpdatedAn accessibility statement shows your commitment to an accessible website. Here's what to include and a template you can use.
8 min read · Updated May 2026
Restaurant Website Accessibility: Menu, Booking & Ordering
UpdatedRestaurant accessibility: your website menu, booking form and ordering system must be accessible under the EAA. Here's what to fix.
9 min read · Updated Apr 2026
Website Accessibility Overlays vs. Real Compliance
UpdatedAccessibility overlays promise a one-click fix but don't deliver. Learn why they fail and what actually works.
8 min read · Updated Apr 2026
Hotel Website Accessibility: EAA Booking Rules
UpdatedHotel booking systems need to work for everyone. Here's how to make your hotel website accessible and meet EAA requirements.
8 min read · Updated Apr 2026
Security
My Website Says 'Not Secure'. Here's How to Fix It
UpdatedYour browser shows 'Not Secure' for your website? Here's what it means and how to fix it step by step.
6 min read · Updated Apr 2026
Website Security Checklist: 10 Things to Check Today
UpdatedA practical security checklist for small business websites. 10 things you can check and fix today without technical expertise.
8 min read · Updated Apr 2026
GDPR Requires a Secure Website: What You Need to Know
UpdatedGDPR Article 32 requires you to protect personal data with appropriate security. Here's what that means for your website.
8 min read · Updated Apr 2026
Vulnerable WordPress Plugins: How to Check and Fix Them
UpdatedVulnerable WordPress plugins are the top attack vector for small business sites and a GDPR Article 32 risk. How to check, patch and audit your plugins.
7 min read · Updated Apr 2026
Website Hacked? Here's What to Do Right Now
UpdatedYour website has been hacked or shows signs of malware. Here are the steps to take right now to contain the damage and get back online.
10 min read · Updated Apr 2026
What Does a Website Security Scan Check?
UpdatedWhat a website security scan actually checks: SSL, headers, vulnerable libraries, outdated CMS and more. Learn what the results mean and how to fix issues.
11 min read · Updated Apr 2026
SSL Certificate: What It Is, Why You Need It
UpdatedAn SSL certificate encrypts data between your website and visitors. Here's what it does, why you need one and how to get one for free.
7 min read · Updated May 2026
Legal Pages
ODR Platform Abolished: Remove the Link From Your Website
UpdatedODR platform abolished July 2025. If your website still links to the EU Online Dispute Resolution platform, here is what to do.
11 min read · Updated Apr 2026
Germany: §5 DDG Replaced §5 TMG, Update Your Impressum
UpdatedThe German TMG was replaced by the DDG in 2024. If your Impressum still references TMG, here is what changed and how to update it.
11 min read · Updated Apr 2026
E-Commerce
"Buy Now" vs "Order": Why Your Button Text Matters Legally
UpdatedEU law requires specific wording on order buttons. The wrong text could make your orders non-binding. Here's what your checkout button must say.
7 min read · Updated Apr 2026
EU Checkout Rules: Button Text, Pricing, Consent
UpdatedEU checkout rules under Directive 2011/83/EU: order button text, price display, withdrawal rights and consent before the customer clicks Buy.
10 min read · Updated Apr 2026
EU Consumer Rights for Online Sellers: Plain-Language Guide
UpdatedEU consumer rights for online sellers: the 14-day withdrawal right, Omnibus pricing rules and pre-contractual disclosures in plain language.
9 min read · Updated May 2026
EU 14-Day Right of Withdrawal: Rules, Exceptions & Refunds
UpdatedEU 14-day right of withdrawal explained: when it starts, 8 exemptions, 14-day refund deadline, 12-month penalty for not informing buyers.
9 min read · Updated May 2026
EU Omnibus Price Display: The 30-Day Prior Price Rule
UpdatedThe EU Omnibus Directive's price-display rule requires showing the lowest price from the past 30 days when you advertise any discount. Here is what counts.
9 min read · Updated May 2026
Email Marketing
Is Double Opt-in Required? It Depends on the Country
UpdatedIs double opt-in required? Yes in Germany, recommended in Austria, optional elsewhere. What ePrivacy and GDPR say per country.
9 min read · Updated May 2026
Newsletter Signup Forms: GDPR Requirements
UpdatedYour newsletter signup form needs more than a checkbox. Here are the GDPR rules for email consent, what to store and how to avoid common mistakes.
9 min read · Updated May 2026
Pre-checked Signup Boxes Are Illegal: Here's Why
UpdatedPrechecked checkbox illegal under GDPR: the CJEU Planet49 ruling (C-673/17) confirms pre-ticked boxes do not produce valid consent. What to fix on your forms.
10 min read · Updated May 2026
SPF, DKIM and DMARC: Email Security in Plain Language
UpdatedSPF, DKIM and DMARC explained simply. Learn what they do, why you need them and how to set them up for your domain.
7 min read · Updated May 2026
Why Your Business Emails End Up in Spam (And How to Fix It)
UpdatedBusiness emails landing in spam? You're probably missing SPF, DKIM or DMARC records. Here's what they are and how to set them up.
8 min read · Updated Apr 2026
Email Marketing Consent: Country-by-Country Rules
UpdatedEmail marketing rules differ across Europe. Here are the consent requirements for the Netherlands, Germany, UK, Belgium and more.
11 min read · Updated Apr 2026
EU Soft Opt-in: Email Customers Without Consent
UpdatedThe soft opt-in lets you email existing customers without explicit consent. But strict conditions apply. Here's how it works.
8 min read · Updated May 2026
Images & Copyright
Are Copytrack and PicRights Claims Legitimate? (EU Guide)
UpdatedHow to verify whether a Copytrack or PicRights copyright claim is legitimate under EU law: the mandate test, the originality test and what to do next.
7 min read · Updated May 2026
Getty Images / PicRights Demand Letter: EU Response Guide
UpdatedResponding to Getty Images, PicRights or Copytrack demand letters under EU copyright law: the four defences, realistic settlements and what not to do.
9 min read · Updated May 2026
How Much Does a Copyright Claim Actually Cost? (EU)
UpdatedHow much a copyright claim costs in the EU: real settlement ranges for Getty Images, Copytrack and PicRights demands plus what drives the price up or down.
7 min read · Updated May 2026
Should You Ignore a Copyright Demand Letter? (EU)
UpdatedShould you ignore a Getty, Copytrack or PicRights demand letter? Why silence usually backfires and the rare situations where it might be the right call.
6 min read · Updated May 2026
Web Designer Copyright Liability: Who Pays in the EU?
UpdatedIf your web designer used unlicensed images, who pays the copyright claim under EU law? Operator liability, regress claims and a warranty clause template.
8 min read · Updated May 2026
AI-Generated Code and Open-Source Licences
UpdatedCopilot or Cursor wrote GPL code into your site. The site operator distributes it, not the AI. What Doe v. GitHub decided and what you can actually do.
10 min read · Updated May 2026
AI-Generated Images on Your Business Website (EU 2026)
UpdatedArticle 50(4) of the AI Act applies 2 Aug 2026. The four risk layers an EU SMB should check before publishing AI-generated images on a website.
9 min read · Updated May 2026
Free Stock Photo Sources for Business Websites
UpdatedFind free stock photo sources that are safe for commercial use on your business website. Unsplash, Pexels, Pixabay and more, with license details.
9 min read · Updated May 2026
How to Scan Your Website for Copyrighted Images
UpdatedLearn how to find copyrighted images on your website before enforcement agencies do. Manual and automated methods to check every image.
6 min read · Updated May 2026