Does Your Restaurant Website Meet the Rules?
Reservation forms collect personal data. Google Maps embeds leak visitor IPs. Menu PDFs might contain unlicensed photos. Most restaurant owners have no idea their website has these issues.
Common issues for restaurants & cafes
Reservation data is personal data
Names, emails, phone numbers and dietary preferences collected through booking forms all fall under GDPR. You need a privacy policy that covers this.
Google Maps shares visitor data with Google
That embedded map showing your location sends every visitor's IP address to Google. A German court ruled this violates GDPR without consent.
Menu photos might be copyrighted
Food photos pulled from the internet or provided by a designer without proper licensing can trigger demand letters from agencies like Getty or CopyTrack.
Delivery platform tracking pixels
If you use Uber Eats, Deliveroo or Thuisbezorgd integrations, their tracking scripts may fire before cookie consent.
4
Key issues
4
Areas checked
11
Guides
Real-world enforcement
A Munich court ruled in January 2022 that loading Google Fonts from Google servers violates GDPR — a feature used by most restaurant website templates. The ruling awarded €100 per affected visitor, triggering mass claims across Germany. In the Netherlands, the Autoriteit Persoonsgegevens has fined hospitality businesses for collecting reservation data without adequate privacy policies.
Official resources
We run the same complete check on every website. The guides below highlight which issues come up most often for each type of business.
Guides for restaurants & cafes
GDPR for Dutch Restaurant Websites: Fix Checklist
GDPR for Dutch restaurants: reservations, Google Maps, menu photos and delivery widgets. A practical checklist for restaurants and cafés.
Restaurant Website Accessibility: Menu, Booking & Ordering
Restaurant accessibility: your website menu, booking form and ordering system must be accessible under the EAA. Here's what to fix.
Google Maps Embed and GDPR: Three Compliant Solutions
Google Maps embeds send visitor IPs to Google without consent. Three GDPR-compliant alternatives: lazy load, static image, OpenStreetMap.
Cookie Banner Requirements Under EU Law (2026 Guide)
Cookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
Free Stock Photo Sources for Business Websites
Find free stock photo sources that are safe for commercial use on your business website. Unsplash, Pexels, Pixabay and more, with license details.
GDPR Compliance Checklist for Dutch Businesses (2026)
GDPR compliance checklist for Dutch businesses: 35 points covering privacy policy, cookie consent, data processors, retention and breach reporting.
KVK Number on Your Website: Is It Required?
Dutch businesses must display their KVK number on their website. Here is where to put it and what else is required.
AI-Generated Code and Open-Source Licences
Copilot or Cursor wrote GPL code into your site. The site operator distributes it, not the AI. What Doe v. GitHub decided and what you can actually do.
AI-Generated Images on Your Business Website (NL 2026)
Article 50(4) of the AI Act applies 2 Aug 2026. The four risk layers a Dutch SMB should check before publishing AI-generated images on a website.
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
EU AI Act for Dutch Website Owners
Article 50 of the AI Act applies 2 Aug 2026. AP and RDI enforce in the Netherlands. What Dutch SMB sites actually need to label, and what they don't.
Check your restaurants & cafes website now
150+ checks across GDPR, copyright, accessibility, security and more. No account needed.
I understand this is a technical scan, not legal advice, and I accept the Terms.