Website Rules in Austria
Austrian websites must include an Impressum under the ECG §5 and Mediengesetz §§24-25. The DSB enforces GDPR with a focus on cookies and tracking.
Data protection authority:
Datenschutzbehörde
(DSB)
Requirements
3
country-specific rules
Guides
11
guides available
Specific requirements for Austria
Impressum (ECG §5 + Mediengesetz)
Austrian law requires website identification under ECG §5 (E-Commerce-Gesetz) and media disclosure under Mediengesetz §§24-25. Both must be accessible from every page.
DSB enforcement
The Austrian DSB was the first EU DPA to rule that Google Analytics transfers to the US violated GDPR (January 2022, noyb complaint).
Cookie consent
Austria follows the standard GDPR/ePrivacy approach to cookies. The DSB has aligned with the EDPB guidelines on valid consent.
Enforcement in Austria
The Austrian DSB made international headlines in January 2022 when it ruled — following a noyb complaint — that using Google Analytics violates GDPR because data is transferred to the US without adequate protection. This decision influenced similar rulings across France, Italy, and other EU member states. The DSB has also fined companies for using cookie banners that lacked a clear reject option.
Official resources
Guides for Austria
EAA penalties Ireland: SI 636/2023 criminal liability
EAA penalties in Ireland: S.I. 636/2023 creates criminal liability with fines up to €60,000 and 18 months imprisonment. CCPC enforcement explained.
GDPR Fines for Small Businesses: Real Cases and Amounts
Real GDPR fines for small businesses run from about 1,000 to 50,000 EUR. See published regulator decisions, what triggers enforcement and how to avoid it.
GDPR compliance checklist for Irish businesses (2026)
GDPR compliance checklist for Irish businesses. DPC enforcement, DPA 2018, ePrivacy Regs 2011, CRO disclosure, cookie consent and processor agreements.
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
Google Analytics and GDPR: Is GA4 Legal in the EU? (2026)
Can you use Google Analytics 4 in the EU? The consent requirement, the EU-US DPF transfer mechanism, Consent Mode v2 limits and cookieless alternatives.
Data Breach Reporting Under GDPR: 72-Hour Notification
Report a personal data breach under GDPR Article 33: the 72-hour clock, when notification is required, what to file and when to tell affected individuals.
Data Processing Agreement (DPA): Article 28 GDPR Guide
When a third-party service needs a Data Processing Agreement under GDPR Article 28: required clauses, common processors and how to handle DPA refusal.
GDPR Data Retention Periods: Article 5(1)(e) Guide
How long can you keep personal data under GDPR? The Article 5(1)(e) storage limitation principle and retention periods by data category for EU businesses.
GDPR Records of Processing: Article 30 Template
Build the Article 30 GDPR record of processing activities. Who is exempt, what to include, controller vs processor versions and a ready-to-fill template.
How to Scan Your Website for Copyrighted Images
Learn how to find copyrighted images on your website before enforcement agencies do. Manual and automated methods to check every image.
SPF, DKIM and DMARC: Email Security in Plain Language
SPF, DKIM and DMARC explained simply. Learn what they do, why you need them and how to set them up for your domain.
Check your website for Austria requirements
Our scanner checks for Austria-specific requirements automatically.
I understand this is a technical scan, not legal advice, and I accept the Terms.