Originally written for r/smallbusiness on Reddit — sharing here for the dev.to community.
If your business has a website and operates in the EU (or has EU customers), this might save you serious money.
The €900 Mistake
Six months ago, one of my clients — a small restaurant in Munich — received an Abmahnung (formal legal warning) demanding €900 in legal fees. The reason? Their website loaded Google Fonts from Google's servers.
That's it. Just fonts. The same fonts that WordPress themes and website builders install by default.
In Germany, this counts as sending user IP addresses to Google without consent — a GDPR/DSGVO violation. Courts have upheld this repeatedly since 2022.
The average Abmahnung costs €500-2,000. For a small business, that's devastating.
How Common Is This?
After that incident, I started scanning client websites. Out of 200+ sites I checked:
- 73% had at least one GDPR issue
- 52% were loading Google Fonts externally (the #1 violation)
- 38% had no cookie consent banner despite using analytics
- 31% ran Google Analytics without proper configuration
- 19% were missing a legal notice page (Impressum)
Most business owners have no idea their site is non-compliant. They hired a web designer, the site looks great, and they assume everything is fine.
I Built a Free Scanner
To help businesses check their sites quickly, I built a free tool:
nevik.de/guard/
- No signup required
- Enter your URL, get results in 30 seconds
- Completely free
It checks for:
- External fonts — Are Google Fonts or other external fonts loading?
- Trackers — Google Analytics, Facebook Pixel, TikTok Pixel, etc.
- Cookie consent — Is there a consent banner?
- SSL certificate — Is your site secure?
- Legal pages — Impressum, privacy policy present?
- Third-party services — What external services does your site connect to?
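As an added illustration (not the scanner's own code), here is one way the external-font, tracker and third-party checks from the list above can work on a page's HTML. The host lists, the names `TagUrls` and `scan`, and the sample page are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Host lists are assumptions made for this example, not the scanner's rules.
FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
TRACKER_HOSTS = {
    "www.googletagmanager.com": "Google Analytics (gtag.js)",
    "connect.facebook.net": "Facebook Pixel",
    "analytics.tiktok.com": "TikTok Pixel",
}
# CSS references: @import "x", @import url(x), url(x) inside @font-face.
CSS_URL = re.compile(r"""(?:@import\s+(?!url\()|url\()\s*['"]?([^'")\s;]+)""", re.I)

class TagUrls(HTMLParser):
    """Collect src/href values the browser fetches while loading the page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe") and a.get("src"):
            self.urls.append(a["src"])
        elif tag == "link" and a.get("href"):  # stylesheet, preconnect, preload
            self.urls.append(a["href"])

def scan(html, page_url):
    parser = TagUrls()
    parser.feed(html)
    site = urlparse(page_url).hostname
    report = {"external_fonts": set(), "trackers": set(), "other": set()}
    for raw in parser.urls + CSS_URL.findall(html):
        host = urlparse(urljoin(page_url, raw)).hostname
        if not host or host == site:
            continue  # same-origin or data: URI, nothing leaves the site
        if host in FONT_HOSTS:
            report["external_fonts"].add(host)
        elif host in TRACKER_HOSTS:
            report["trackers"].add(TRACKER_HOSTS[host])
        else:
            report["other"].add(host)
    return report

# Constructed sample page: one external font, one self-hosted font, one tracker.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Roboto">
<style>@font-face{font-family:Lato;src:url('/fonts/lato.woff2')}</style>
<script src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script></head></html>"""
```

Calling `scan(SAMPLE, "https://example.test/")` flags the Google Fonts stylesheet and the gtag.js script but not the self-hosted `/fonts/lato.woff2`. A static pass like this misses requests that JavaScript adds after load, so a complete check also has to watch the network requests of a rendered page.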
What to Do If Your Site Has Issues
Here's the good news: most fixes are straightforward.
For Google Fonts: Your web developer can download the fonts and host them on your own server. Takes 15 minutes.
For cookie consent: Install a consent management tool. There are free options (Cookiebot has a free tier, or use Klaro which is open source).
For missing legal pages: You need an Impressum (legal notice) and Datenschutzerklärung (privacy policy). These are required by law in Germany and good practice everywhere in the EU.
For Google Analytics: Switch to a privacy-friendly alternative, or configure GA4 with server-side tracking and IP anonymization.
The Hard Truth About GDPR
Small businesses think GDPR doesn't apply to them or that no one will notice. But law firms in Germany specialize in scanning websites automatically, finding violations, and sending mass Abmahnungen. It's a business model for them.
Your small restaurant website is just as liable as a Fortune 500 company's site. And the lawyers know small businesses usually settle quickly.
What It Costs to Be Compliant vs Not
| Scenario | Cost |
|---|---|
| Free scanner check | €0 |
| Fix Google Fonts | €0-100 (your web dev, 15 min) |
| Add cookie consent | €0-50/month |
| Add legal pages | €0-200 |
| Get Abmahnung | €500-2,000+ |
Prevention is 10-100x cheaper than the cure.
If You Need Help
The free scanner tells you what's wrong. If you need help fixing it, I put together a guide that walks through every common issue with step-by-step instructions and templates for legal pages. DM me if you want the link.
Also happy to answer any specific questions about GDPR compliance in the comments. I'm a developer, not a lawyer, but I've dealt with enough Abmahnungen to know the technical side very well.