GDPR for Developers: What German Websites Actually Need

Building for German clients means GDPR (DSGVO) compliance isn't optional. Courts are enforcing it with €5,000–50,000 fines. Here's what you actually need. 1. Cookie Consent That Actually Works German courts are strict: no non-essential cookies before explicit consent . // ❌ ILLEGAL in Germany — loads GA before consent gtag ( ' config ' , ' GA-XXXXXXXX ' ); // ✅ Legal — only after user accepts document . getElementById ( ' accept-all ' ). addEventListener ( ' click ' , () => { loadGoogleAnalytics ( ' GA-XXXXXXXX ' ); setCookie ( ' consent ' , ' granted ' , 365 ); }); Your banner needs a real "Reject All" button (equally prominent as "Accept All"), category-level control, and logged consent with timestamp. 2. Self-Host Google Fonts A Munich court fined a site €100 per visitor for loading Google Fonts directly from Google's servers. The IP address transmitted to Google without consent was the violation. /* ❌ Don't */ @import url('https://fonts.googleapis.com/css2?family=Inter') ; /* ✅ Sel