
Nevik Schmidt

The €50K GDPR Fine Your Client Doesn't Know They're Getting

I audit websites for GDPR compliance. In the last month, I found that 87% of small business websites in Germany have at least one critical GDPR violation.

Here are the most common ones — and they're shockingly easy to fix.

1. Google Fonts Loaded Externally

The problem: Every time a visitor loads your page, their IP address is sent to Google's servers in the US when the browser fetches the font files. Since Schrems II, this requires explicit consent.

The fine: €100 per visitor (yes, there's precedent — LG München, Jan 2022).

The fix: Self-host your fonts. 5 minutes of work.

2. Cookie Banner That Doesn't Actually Block Cookies

Most cookie banners are decorative: they show a popup but load Google Analytics, Facebook Pixel, and Hotjar before the user consents.

The fix: Use a consent manager that actually blocks scripts until consent. I recommend Cookiebot or a self-hosted solution.
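What "actually blocks scripts" means in practice, as an added example (not code from the post or from any consent vendor): third-party tags are embedded as inert `<script type="text/plain" data-consent="…" data-src="…">` placeholders, which the browser never fetches, and are only turned into real script elements after the visitor grants that category. The category names, attribute names and the sample script list are assumptions made for this example.

```javascript
// Added example (not from the original post): a minimal consent gate.
// Placeholders are <script type="text/plain" data-consent="analytics"
// data-src="..."> so nothing is fetched on page load. After consent, the
// allowed placeholders are replaced by real <script> tags.
// Category and attribute names are assumptions for this example.

const CONSENT_CATEGORIES = ["necessary", "analytics", "marketing"];

// Pure decision logic: which script descriptors may run for a consent state.
// `scripts` is an array of { id, category, src }; `consent` is an object such
// as { analytics: true, marketing: false }. "necessary" is always allowed;
// anything not explicitly `true` (undefined, false, the string "true") stays blocked.
function scriptsAllowedToRun(scripts, consent) {
  return scripts.filter((s) => {
    if (!CONSENT_CATEGORIES.includes(s.category)) return false; // unknown category: keep blocked
    if (s.category === "necessary") return true;
    return consent[s.category] === true;
  });
}

// Same rule applied to the DOM: swap inert placeholders for real script tags.
// Guarded so the file also loads under Node, where only the pure logic runs.
function activateConsentedScripts(consent, doc = typeof document !== "undefined" ? document : null) {
  if (!doc) return 0;
  const placeholders = Array.from(doc.querySelectorAll('script[type="text/plain"][data-consent]'));
  const descriptors = placeholders.map((el, i) => ({
    id: i, category: el.dataset.consent, src: el.dataset.src, el,
  }));
  let activated = 0;
  for (const d of scriptsAllowedToRun(descriptors, consent)) {
    const real = doc.createElement("script");
    if (d.src) real.src = d.src;           // external tag
    else real.textContent = d.el.textContent; // inline snippet kept in the placeholder body
    d.el.replaceWith(real);
    activated++;
  }
  return activated;
}

// Constructed sample: the tags a typical page embeds before the banner is answered.
// IDs in the URLs are placeholders, not real property IDs.
const SAMPLE_SCRIPTS = [
  { id: "session", category: "necessary", src: "/js/session.js" },
  { id: "ga", category: "analytics", src: "https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE" },
  { id: "pixel", category: "marketing", src: "https://connect.facebook.net/en_US/fbevents.js" },
  { id: "hotjar", category: "analytics", src: "https://static.hotjar.com/c/hotjar-EXAMPLE.js" },
];

// With no consent recorded, only the necessary script is allowed to run.
console.log(scriptsAllowedToRun(SAMPLE_SCRIPTS, {}).map((s) => s.id));
// Typical banner callback: document.getElementById("accept-analytics")
//   .addEventListener("click", () => activateConsentedScripts({ analytics: true }));
```

The point of the placeholder approach is that blocking is a property of the markup, not of the banner: if the banner script fails to load or is removed, the trackers stay inert rather than defaulting to "on".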

3. Missing or Incomplete Privacy Policy

Your privacy policy needs to list:

  • Every third-party service you use
  • What data each collects
  • Legal basis for each
  • Data retention periods
  • How users can request deletion

Most privacy policies I see are templates from 2018 that haven't been updated.

4. Contact Forms Without SSL

I still see this in 2026. Personal data transmitted over plain HTTP is a violation.

5. No Data Processing Agreement (Auftragsverarbeitungsvertrag)

Using Mailchimp? Google Workspace? AWS? You need a signed DPA with each provider.
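Checks 1, 2 and 4 above can be applied mechanically to a page's HTML. The following is an added example (not the post's audit checklist or the author's scanner) of a small static audit: it flags fonts fetched from Google's servers, tracker scripts that will execute on load rather than sitting behind an inert `type="text/plain"` placeholder, and forms that submit over plain HTTP. It uses regular expressions instead of a DOM so it runs anywhere; the tracker host list, finding names and the sample page are constructed for this example.

```javascript
// Added example (not from the original post): a regex-based static audit
// covering checks 1, 2 and 4 of the post. Host lists and sample page are
// assumptions constructed for this example.

const GOOGLE_FONT_HOSTS = ["fonts.googleapis.com", "fonts.gstatic.com"];
// Hosts behind the services the post names as typically loaded before consent.
const TRACKER_HOSTS = ["googletagmanager.com", "google-analytics.com", "connect.facebook.net", "hotjar.com"];

// Resolve a possibly relative URL against the page URL; "" on garbage input.
function hostOf(url, pageUrl) {
  try { return new URL(url, pageUrl).hostname; } catch { return ""; }
}
function hostMatches(host, list) {
  return list.some((h) => host === h || host.endsWith("." + h));
}
// Read one attribute from a raw opening tag (whitespace before the name so
// that `src` does not match `data-src`).
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function auditHtml(html, pageUrl) {
  const findings = [];
  // Check 1: Google Fonts fetched from Google (stylesheet/preconnect links or CSS @import).
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    const href = attr(tag, "href");
    if (href && hostMatches(hostOf(href, pageUrl), GOOGLE_FONT_HOSTS)) {
      findings.push({ check: "google-fonts-external", detail: href });
    }
  }
  for (const m of html.matchAll(/@import\s+(?:url\()?["']?([^"')\s;]+)/gi)) {
    if (hostMatches(hostOf(m[1], pageUrl), GOOGLE_FONT_HOSTS)) {
      findings.push({ check: "google-fonts-external", detail: m[1] });
    }
  }
  // Check 2: tracker scripts that execute on load. A placeholder with
  // type="text/plain" is inert and therefore not flagged.
  for (const tag of html.match(/<script\b[^>]*>/gi) || []) {
    const src = attr(tag, "src");
    const type = (attr(tag, "type") || "").toLowerCase();
    if (src && type !== "text/plain" && hostMatches(hostOf(src, pageUrl), TRACKER_HOSTS)) {
      findings.push({ check: "tracker-before-consent", detail: src });
    }
  }
  // Check 4: forms whose submission travels over plain HTTP (an empty action
  // submits to the page itself, so an http:// page URL is flagged too).
  for (const tag of html.match(/<form\b[^>]*>/gi) || []) {
    const target = new URL(attr(tag, "action") || "", pageUrl);
    if (target.protocol === "http:") {
      findings.push({ check: "form-over-http", detail: target.href });
    }
  }
  return findings;
}

// Count findings per check for a one-line summary.
function countByCheck(findings) {
  const counts = {};
  for (const f of findings) counts[f.check] = (counts[f.check] || 0) + 1;
  return counts;
}

// Constructed sample page exhibiting all three problems plus one correctly
// gated tag and one relative form that inherits the page's HTTPS.
const SAMPLE_PAGE = `<!doctype html><html><head>
<link rel="preconnect" href="https://fonts.gstatic.com">
<link href="https://fonts.googleapis.com/css2?family=Inter&display=swap" rel="stylesheet">
<style>@import url("/fonts/local.css");</style>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script type="text/plain" data-consent="marketing" data-src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="/js/app.js"></script>
</head><body>
<form action="http://example.com/contact" method="post"><input name="email"></form>
<form action="/newsletter" method="post"><input name="email"></form>
</body></html>`;

console.log(countByCheck(auditHtml(SAMPLE_PAGE, "https://example.com/")));
```

A regex scan of the delivered HTML is a first pass only: fonts pulled in from a CSS file fetched separately, or trackers injected by a tag manager at runtime, are only visible in the browser's network log, so a real audit also loads the page and records which hosts are contacted before any consent choice is made.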


How to Check Your Site

I built a comprehensive GDPR Website Audit Checklist (€19) that covers:

  • 47 specific checkpoints
  • German legal requirements (TTDSG, BDSG, DSGVO)
  • Impressum requirements
  • Cookie consent validation
  • Third-party service audit
  • Data flow mapping
  • Template for privacy policy updates

For automated monitoring, my AI Automation Starter Kit (€29) includes a weekly GDPR compliance scanner that runs automatically via n8n.


Disclaimer: I'm a developer, not a lawyer. This is technical guidance based on current enforcement patterns.


🛠️ Need Help with GDPR, WordPress or NIS2?

  • GDPR Complete Audit: €149 (Book now)
  • NIS2 Compliance Audit: €299 (Book now)
  • IT Consulting (1 hour): €99 (Book now)
  • NIS2 + GDPR Bundle: €499 (Book now)

Free Tools:

Questions? → hi@nevik.de


☁️ Need a Server for Self-Hosting?

I run all my services on Hetzner Cloud — EU-based, from €3.29/mo. Use my link and we both get €20 in credits.

🛡️ Is Your Website GDPR Compliant?

Check in 60 seconds: nevik.de/check — free DSGVO scanner.

💡 Tools I Built: bewertung.nevik.de (Google Reviews) · cv.nevik.de (Free CV Builder)

Follow me on Dev.to for weekly guides on self-hosting, AI tools, and growing your business.
