Does Your Restaurant Website Meet the Rules?
Reservation forms collect personal data. Google Maps embeds leak visitor IPs. Menu PDFs might contain unlicensed photos. Most restaurant owners have no idea their website has these issues.
Common issues for restaurants & cafes
Reservation data is personal data
Names, emails, phone numbers and dietary preferences collected through booking forms all fall under GDPR. You need a privacy policy that covers this.
Google Maps shares visitor data with Google
That embedded map showing your location sends every visitor's IP address to Google. A German court ruled this violates GDPR without consent.
Menu photos might be copyrighted
Food photos pulled from the internet or provided by a designer without proper licensing can trigger demand letters from agencies like Getty or CopyTrack.
Delivery platform tracking pixels
If you use Uber Eats, Deliveroo or Thuisbezorgd integrations, their tracking scripts may fire before cookie consent.
4
Key issues
4
Areas checked
11
Guides
Real-world enforcement
A Munich court ruled in January 2022 that loading Google Fonts from Google servers violates GDPR — a feature used by most restaurant website templates. The ruling awarded €100 per affected visitor, triggering mass claims across Germany. In the Netherlands, the Autoriteit Persoonsgegevens has fined hospitality businesses for collecting reservation data without adequate privacy policies.
Official resources
We run the same complete check on every website. The guides below highlight which issues come up most often for each type of business.
Guides for restaurants & cafes
GDPR for UK Restaurant Websites: Data, Bookings, and Consent
UK GDPR and PECR for restaurant websites: bookings, email signups, cookies, payment data. ICO guidance with examples.
Restaurant Website Accessibility: Menu, Booking & Ordering
Restaurant accessibility: your website menu, booking form and ordering system must be accessible under the EAA. Here's what to fix.
Food photos on UK restaurant menus: CDPA 1988 rules
Food photos from the internet are nearly always copyrighted under CDPA 1988. Using one without permission risks a demand letter.
Google Maps Embed and GDPR: The Compliance Problem
Embedding Google Maps sends visitor IP addresses and browsing data to Google without consent. Here are GDPR-compliant alternatives.
Cookie Banner Requirements Under EU Law (2026 Guide)
Cookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
Free Stock Photo Sources for Business Websites
Find free stock photo sources that are safe for commercial use on your business website. Unsplash, Pexels, Pixabay and more, with license details.
GDPR Compliance Checklist for Your Website (2026)
A practical GDPR checklist for small business websites. Check cookies, privacy policy, consent forms, and tracking scripts.
GDPR for accountants in the UK: ICAEW, ACCA & AML
GDPR for UK accountants. ICAEW/ACCA/AAT standards, MLR 2017 anti-money laundering, client confidentiality, ICO breach notification, and website rules.
GDPR for estate agents in the UK: Propertymark & AML
GDPR for UK estate agents. Propertymark, MLR 2017 anti-money laundering, viewings, photography, tenancy data, ICO breach notification, and website rules.
AI-Built Website Liability Under UK Law
ICO enforces UK GDPR, PECR and Equality Act against the site owner, not Cursor, Lovable or the developer. EU PLD doesn't apply post-Brexit.
AI-Generated Code and Open-Source Licences (UK)
Copilot or Cursor wrote GPL code into your site. UK Consumer Protection Act, not the EU PLD. What Doe v. GitHub decided and what to do about it.
Check your restaurants & cafes website now
150+ checks across GDPR, copyright, accessibility, security and more. No account needed.
I understand this is a technical scan, not legal advice, and I accept the Terms.