Website Compliance in Germany
German websites must comply with the DSGVO (GDPR), the Telemediengesetz (TMG), the Impressumspflicht (mandatory imprint), the European Accessibility Act, and strict cookie consent requirements. The Bundesdatenschutzbeauftragte (BfDI) and the 16 Landesdatenschutzbehörden actively enforce data protection rules. Germany also has uniquely strict Abmahn-culture: third parties, including competitors, can sue for Impressum violations, privacy-policy deficiencies, and unlicensed images.
Data protection authority:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
(BfDI)
Requirements
5
country-specific rules
Guides
12
guides available
Specific requirements for Germany
Impressumspflicht (mandatory imprint)
Every German commercial website must have an Impressum listing the full name and address of the responsible person or company, contact email, phone number, and where applicable the Handelsregisternummer and USt-IdNr. Violations are aggressively pursued via Abmahnungen (cease-and-desist letters) by competitors.
Datenschutzerklärung (privacy policy)
German websites must have a comprehensive Datenschutzerklärung under the DSGVO and BDSG. It must name every service that processes personal data (Google Analytics, fonts, CDN, contact forms), the legal basis for each, and contact details of the responsible controller.
Cookie consent (TTDSG)
The Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) requires prior informed consent for non-essential cookies. German courts have ruled that nudging users (e.g. pre-ticked boxes, hard-to-find reject buttons) violates consent requirements.
Google Fonts self-hosting
In January 2022 a Munich court (LG München I) ruled that embedding Google Fonts via Google servers without consent violates the DSGVO by leaking visitor IP addresses to the US. German websites should self-host fonts or use privacy-compliant CDN configurations.
European Accessibility Act (EAA) from June 2025
From 28 June 2025 the EAA requires e-commerce and financial-services websites in Germany to meet WCAG 2.1 AA accessibility standards. Violations can be reported to Marktüberwachungsbehörden.
Enforcement in Germany
The Hamburg DPA fined a company €105,000 for embedding Google Fonts without consent. The LG München I ordered a website to cease embedding Google Fonts via Google servers and pay €100 in damages to an individual complainant. Abmahnwellen (mass cease-and-desist campaigns) for missing Impressum or cookie-consent non-compliance are common, with typical Abmahnung costs of €500–€1,500.
Official resources
Guides for Germany
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
Google Analytics and GDPR: Is GA4 Legal in the EU? (2026)
Can you use Google Analytics 4 in the EU? The consent requirement, the EU-US DPF transfer mechanism, Consent Mode v2 limits and cookieless alternatives.
Data Breach Reporting Under GDPR: 72-Hour Notification
Report a personal data breach under GDPR Article 33: the 72-hour clock, when notification is required, what to file and when to tell affected individuals.
Data Processing Agreement (DPA): Article 28 GDPR Guide
When a third-party service needs a Data Processing Agreement under GDPR Article 28: required clauses, common processors and how to handle DPA refusal.
GDPR Data Retention Periods: Article 5(1)(e) Guide
How long can you keep personal data under GDPR? The Article 5(1)(e) storage limitation principle and retention periods by data category for EU businesses.
GDPR Records of Processing: Article 30 Template
Build the Article 30 GDPR record of processing activities. Who is exempt, what to include, controller vs processor versions and a ready-to-fill template.
GDPR Fines for Small Businesses: Real Cases and Amounts
Real GDPR fines for small businesses run from about 1,000 to 50,000 EUR. See published regulator decisions, what triggers enforcement and how to avoid it.
How to Scan Your Website for Copyrighted Images
Learn how to find copyrighted images on your website before enforcement agencies do. Manual and automated methods to check every image.
SPF, DKIM and DMARC: Email Security in Plain Language
SPF, DKIM and DMARC explained simply. Learn what they do, why you need them and how to set them up for your domain.
Vulnerable WordPress Plugins: How to Check and Fix Them
Vulnerable WordPress plugins are the top attack vector for small business sites and a GDPR Article 32 risk. How to check, patch and audit your plugins.
Website Accessibility Overlays vs. Real Compliance
Accessibility overlays promise a one-click fix but don't deliver. Learn why they fail and what actually works.
EU Checkout Rules: Button Text, Pricing, Consent
EU checkout rules under Directive 2011/83/EU: order button text, price display, withdrawal rights and consent before the customer clicks Buy.
Check your website for Germany requirements
Our scanner checks for Germany-specific requirements automatically.
I understand this is a technical scan, not legal advice, and I accept the Terms.