GDPR for Developers: What German Websites Actually Need

Building for German clients means GDPR (DSGVO) compliance isn't optional. Courts are enforcing it with €5,000–50,000 fines. Here's what you actually need. 1. Cookie Consent That Actually Works German courts are strict: no non-essential cookies before explicit consent. // ❌ ILLEGAL in Germany — loads GA before consent gtag('config', 'GA-XXXXXXXX'); // ✅ Legal — only after user accepts document.getElementById('accept-all').addEventListener('click', () => { loadGoogleAnalytics('GA-XXXXXXXX'); setCookie('consent', 'granted', 365); }); Your banner needs a real "Reject All" button (equally prominent as "Accept All"), category-level control, and logged consent with timestamp. 2. Self-Host Google Fonts A Munich court fined a site €100 per visitor for loading Google Fonts directly from Google's servers. The IP address transmitted to Google without consent was the violation. /* ❌ Don't */ @import url('https://fonts.googleapis.com/css2?family=Inter'); /* ✅ Self-host */ @font-face { font-family