Website Compliance in Germany
German websites must comply with the DSGVO (GDPR), the Telemediengesetz (TMG), the Impressumspflicht (mandatory imprint), the European Accessibility Act, and strict cookie consent requirements. The Bundesdatenschutzbeauftragte (BfDI) and the 16 Landesdatenschutzbehörden actively enforce data protection rules. Germany also has uniquely strict Abmahn-culture: third parties, including competitors, can sue for Impressum violations, privacy-policy deficiencies, and unlicensed images.
Data protection authority:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
(BfDI)
Requirements
5
country-specific rules
Guides
11
guides available
Specific requirements for Germany
Impressumspflicht (mandatory imprint)
Every German commercial website must have an Impressum listing the full name and address of the responsible person or company, contact email, phone number, and where applicable the Handelsregisternummer and USt-IdNr. Violations are aggressively pursued via Abmahnungen (cease-and-desist letters) by competitors.
Datenschutzerklärung (privacy policy)
German websites must have a comprehensive Datenschutzerklärung under the DSGVO and BDSG. It must name every service that processes personal data (Google Analytics, fonts, CDN, contact forms), the legal basis for each, and contact details of the responsible controller.
Cookie consent (TTDSG)
The Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) requires prior informed consent for non-essential cookies. German courts have ruled that nudging users (e.g. pre-ticked boxes, hard-to-find reject buttons) violates consent requirements.
Google Fonts self-hosting
In January 2022 a Munich court (LG München I) ruled that embedding Google Fonts via Google servers without consent violates the DSGVO by leaking visitor IP addresses to the US. German websites should self-host fonts or use privacy-compliant CDN configurations.
European Accessibility Act (EAA) from June 2025
From 28 June 2025 the EAA requires e-commerce and financial-services websites in Germany to meet WCAG 2.1 AA accessibility standards. Violations can be reported to Marktüberwachungsbehörden.
Enforcement in Germany
The Hamburg DPA fined a company €105,000 for embedding Google Fonts without consent. The LG München I ordered a website to cease embedding Google Fonts via Google servers and pay €100 in damages to an individual complainant. Abmahnwellen (mass cease-and-desist campaigns) for missing Impressum or cookie-consent non-compliance are common, with typical Abmahnung costs of €500–€1,500.
Official resources
Guides for Germany
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
How Much Does a Copyright Claim Actually Cost? (EU)
How much a copyright claim costs in the EU: real settlement ranges for Getty Images, Copytrack and PicRights demands plus what drives the price up or down.
Should You Ignore a Copyright Demand Letter? (EU)
Should you ignore a Getty, Copytrack or PicRights demand letter? Why silence usually backfires and the rare situations where it might be the right call.
Cookie Banner Requirements Under EU Law (2026 Guide)
Cookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
Free Stock Photo Sources for Business Websites
Find free stock photo sources that are safe for commercial use on your business website. Unsplash, Pexels, Pixabay and more, with license details.
GDPR Fines for Small Businesses: Real Cases and Amounts
Real GDPR fines for small businesses run from about 1,000 to 50,000 EUR. See published regulator decisions, what triggers enforcement and how to avoid it.
How to Scan Your Website for Copyrighted Images
Learn how to find copyrighted images on your website before enforcement agencies do. Manual and automated methods to check every image.
SPF, DKIM and DMARC: Email Security in Plain Language
SPF, DKIM and DMARC explained simply. Learn what they do, why you need them and how to set them up for your domain.
Vulnerable WordPress Plugins: How to Check and Fix Them
Vulnerable WordPress plugins are the top attack vector for small business sites and a GDPR Article 32 risk. How to check, patch and audit your plugins.
Website Accessibility Overlays vs. Real Compliance
Accessibility overlays promise a one-click fix but don't deliver. Learn why they fail and what actually works.
EU Checkout Rules: Button Text, Pricing, Consent
EU checkout rules under Directive 2011/83/EU: order button text, price display, withdrawal rights and consent before the customer clicks Buy.
Check your website for Germany requirements
Our scanner checks for Germany-specific requirements automatically.
I understand this is a technical scan, not legal advice, and I accept the Terms.