{"id":4359,"date":"2025-11-24T12:58:59","date_gmt":"2025-11-24T11:58:59","guid":{"rendered":"https:\/\/trackboxx.com\/?p=4359"},"modified":"2025-12-13T16:46:38","modified_gmt":"2025-12-13T15:46:38","slug":"gdpr-for-websites-2025-the-reality-check","status":"publish","type":"post","link":"https:\/\/trackboxx.com\/en\/dsgvo-fuer-websites-2025-der-realitaets-check\/","title":{"rendered":"GDPR for websites in 2025 \u2013 the reality check"},"content":{"rendered":"<p><strong>Or: Why 90% was unnecessary panic (and which 10% will really save your skin)<\/strong><\/p>\n\n\n\n<p>Do you remember May 2018? The great GDPR apocalypse was imminent. Lawyers predicted waves of warnings, consultants sold expensive emergency packages, and it felt like every other newsletter was announcing the end of the internet.<\/p>\n\n\n\n<p>Now, almost seven years later, it's time for an honest reality check. What really happened? Spoiler alert: the internet still exists, most of you are still alive, and the millions in fines? 
Well, we'll get to that in a moment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The big panic balance sheet: surprising figures<\/h2>\n\n\n\n<p>Can you imagine that almost nothing remains of the feared mass warnings? According to Bitkom surveys, around 20% of companies report at least one data protection breach within a year \u2013 but only a tiny fraction of these actually result in a fine.<\/p>\n\n\n\n<p style=\"border-width:1px;padding-top:20px;padding-right:20px;padding-bottom:20px;padding-left:20px\"><strong><em>An analysis of published German GDPR fines for 2018 shows an average fine of around \u20ac8,500 \u2013 a far cry from the millions often cited.<\/em><\/strong><\/p>\n\n\n\n<p>For comparison:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Feared penalties in 2018:<\/strong> up to 20 million euros (panic!!!)<\/li>\n\n\n\n<li><strong>Actual average penalty for SMEs:<\/strong> 8,500 euros<\/li>\n\n\n\n<li><strong>Most common punishment:<\/strong> Warning without a fine<\/li>\n<\/ul>\n\n\n\n<p>If you look at all the fines imposed in recent years, the total in Germany comes to <strong>around 1,600 to 1,700 known cases<\/strong>.<br>And even if the number of unreported cases is a bit higher:<br>We are talking about a tiny number.<br>With over 3.5 million companies, that's practically nothing. 
You have a higher chance of being struck by lightning.<\/p>\n\n\n\n<p><strong>\ud83d\udcca Table \u2013 GDPR fines in Germany 2018\u20132023<\/strong><\/p>\n\n\n\n<table style=\"width:100%; border-collapse:collapse; font-size:16px;\">\n  <thead>\n    <tr>\n      <th style=\"border-bottom:2px solid #ddd; text-align:left; padding:8px;\">Year<\/th>\n      <th style=\"border-bottom:2px solid #ddd; text-align:left; padding:8px;\">Number of fines<\/th>\n      <th style=\"border-bottom:2px solid #ddd; text-align:left; padding:8px;\">Total fines (in \u20ac million)<\/th>\n      <th style=\"border-bottom:2px solid #ddd; text-align:left; padding:8px;\">Reported data breaches<\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    <tr>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2018<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">around 40<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">\u2014<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">\u2014<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2019<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">187<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">&gt; 25<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">\u2014<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2020<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">284<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">48.15<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">26,057<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2021<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">373<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2.11<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">13,890<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2022<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">453<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">5.81<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">21,170<\/td>\n    <\/tr>\n    <tr>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">2023<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">357<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">4.94<\/td>\n      <td style=\"border-bottom:1px solid #eee; padding:8px;\">24,749<\/td>\n    <\/tr>\n  <\/tbody>\n<\/table>\n\n\n\n<details class=\"wp-block-stackable-accordion stk-block-accordion stk-inner-blocks stk-block-content stk-block stk-696675e is-style-default\" data-block-id=\"696675e\">\n<summary class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-86fe384 stk--container-small stk-block-accordion__heading\" data-v=\"4\" data-block-id=\"86fe384\"><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-86fe384-container stk-hover-parent\"><div class=\"stk-block-content stk-inner-blocks stk-86fe384-inner-blocks\">\n<div class=\"wp-block-stackable-icon-label stk-block-icon-label stk-block stk-5793501\" data-block-id=\"5793501\"><div class=\"stk-row stk-inner-blocks stk-block-content\">\n<div class=\"wp-block-stackable-heading stk-block-heading stk-block-heading--v2 stk-block stk-2b4da35\" id=\"legende-hinweise\" data-block-id=\"2b4da35\"><p class=\"stk-block-heading__text\">Key \/ Notes:<\/p><\/div>\n<\/div><\/div>\n<\/div><\/div><\/summary>\n\n\n\n<div class=\"wp-block-stackable-column stk-block-column stk-column stk-block stk-e33deba stk-block-accordion__content\" data-v=\"4\" data-block-id=\"e33deba\"><div class=\"stk-column-wrapper stk-block-column__content stk-container stk-e33deba-container stk--no-background stk--no-padding\"><div class=\"stk-block-content stk-inner-blocks stk-e33deba-inner-blocks\">\n<ol class=\"wp-block-list\">\n<li>Published by state authorities or summarised at <em>GDPR Portal<\/em>. <a href=\"https:\/\/www.dsgvo-portal.de\/news\/rueckblick_dsgvo-bussgeldverfahren_und_datenpannen_2023.php?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n\n\n\n<li>Only the amounts reported as the \u201elower limit\u201c \u2013 some authorities did not provide complete information. 
2020: \u20ac48.15 million <a href=\"https:\/\/www.dsgvo-portal.de\/dsgvo-bussgeld-datenbank\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n\n\n\n<li>Reports of data breaches (not automatically fines).<\/li>\n\n\n\n<li>Number of approximately 40 cases in 2018 according to Wikipedia (\u201e41 cases by the end of 2018...\u201c) <a href=\"https:\/\/de.wikipedia.org\/wiki\/Datenschutz-Grundverordnung?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">Wikipedia<\/a><\/li>\n\n\n\n<li>2019: 187 fines, &gt; \u20ac25 million according to the GDPR portal Review of 2020. <a href=\"https:\/\/www.dsgvo-portal.de\/dsgvo-bussgeld-datenbank\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n\n\n\n<li>2020 Data from GDPR portal (26,057 reports, 284 fines, \u20ac48.15 million) <a href=\"https:\/\/www.dsgvo-portal.de\/dsgvo-bussgeld-datenbank\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n\n\n\n<li>2021: 373 fines, \u20ac2.11 million as the lower limit. <a href=\"https:\/\/www.dsgvo-portal.de\/dsgvo-bussgeld-datenbank\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n\n\n\n<li>2022: 453 fines, \u20ac5.81 million. <a href=\"https:\/\/www.dsgvo-portal.de\/news\/rueckblick_dsgvo-bussgeldverfahren_und_datenpannen_2023.php?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n\n\n\n<li>2023: 357 fines, \u20ac4.94 million. 
<a href=\"https:\/\/www.dsgvo-portal.de\/news\/rueckblick_dsgvo-bussgeldverfahren_und_datenpannen_2023.php?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">dsgvo-portal.de<\/a><\/li>\n<\/ol>\n\n\n\n<p><strong>Note:<\/strong> For 2024, no reliable overall figures or complete data up to the end of the year are available.<\/p>\n<\/div><\/div><\/div>\n<\/details>\n\n\n\n<p style=\"border-width:1px;padding-top:20px;padding-right:20px;padding-bottom:20px;padding-left:20px\">The data shows that although the GDPR has been in force since 2018, <strong>fewer than 1,700 fines were imposed in Germany between 2018 and 2023<\/strong> (see table). With around 3.5 million companies, this means that only about <strong>one in approximately 2,000 companies<\/strong> has ever been fined.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What the authorities are REALLY interested in (and what they are not)<\/h2>\n\n\n\n<p>After seven years of GDPR, we know pretty much where data protection authorities are looking and where they are turning a blind eye. Surprise: it's not what we were told in 2018.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What they are really interested in:<\/h3>\n\n\n\n<p><strong>1. Data leaks and hacker attacks without notification<\/strong> \u2013 Anyone who has a reportable data breach and fails to report it within 72 hours has a real problem.<br>This point regularly appears in the activity reports of the authorities as one of the most common reasons for fines \u2013 especially in the case of larger leaks or completely missing reports.<\/p>\n\n\n\n<p><strong>2. 
No response to requests for information<\/strong> \u2013 If someone asks for their data and you simply <em>do not respond<\/em>, then it gets really unpleasant.<br>German courts now regularly award damages \u2014 ranging from a few hundred to five figures.<\/p>\n\n\n\n<p><strong>Would you like an example?<\/strong><br>10,000 euros for providing information to a former employee 20 months late (Oldenburg Labour Court).<br>And even small online shops are now being hit with four-figure sums if they simply do not respond.<\/p>\n\n\n\n<p><strong>3. Newsletters without consent<\/strong> \u2013 The perennial favourite for 20 years.<br>This issue keeps cropping up in warning letter practice \u2014 as reliably as an annual statement.<br>Sending without consent in 2025 is about as brilliant as Password123.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">(Almost) nobody is interested in this:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cookie banner details<\/strong>: Whether your banner is on the left or right, whether the \u201eAccept all\u201c button is blue or green \u2013 it doesn't matter. The main thing is that it's there (when you need it).<\/li>\n\n\n\n<li><strong>Lack of data processing agreements<\/strong>: Theoretically mandatory, but in practice no one asks about them. Unless something else happens and they take a closer look.<\/li>\n\n\n\n<li><strong>Outdated privacy policies<\/strong>: As long as there is one at all, hardly anyone cares whether it is from 2019 or 2024.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">The 3 real risks that could hit you hard in 2025<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Risk 1: Google Fonts \u2013 The warning trap that no one saw coming<\/h3>\n\n\n\n<p>2022 was a really turbulent year: a ruling by the <strong>Munich Regional Court I<\/strong> made it clear that loading Google Fonts from US servers without consent is a violation of the GDPR. 
Bang \u2013 one user was awarded \u20ac100 in damages, and suddenly a few particularly creative warning letter writers sensed the next business model. Result: <strong>at least one hundred thousand letters<\/strong> went out across the country. Demand: around <strong>\u20ac170 in \u201ecompensation for pain and suffering\u201c<\/strong> \u2013 so low that many simply paid up to keep the peace.<\/p>\n\n\n\n<p>The solution is still ridiculously simple:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Host fonts locally (plugin, 2 clicks, done)<\/li>\n\n\n\n<li>Or just use system fonts<\/li>\n\n\n\n<li>Proxy solutions are also available, but that's more of a nerd thing.<\/li>\n<\/ul>\n\n\n\n<p>And now for the big news: Even in <strong>2023, 2024 and even 2025<\/strong>, Google Fonts cases are still being dealt with by the courts. Some judgements now refer to this warning-letter practice as \u201eabusive\u201c, but until everything has been finally settled, the wheels of justice will continue to turn. Slowly but surely.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Risk 2: Google Analytics without a legal basis<\/h3>\n\n\n\n<p>This is where it gets exciting. Austria's data protection authority led the way, with France and Italy following suit: Google Analytics is not GDPR-compliant in its standard configuration. Germany? Still keeping a low profile, but the signs point to stormy weather ahead.<\/p>\n\n\n\n<p><strong>What really happens:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No mass warnings to date<\/li>\n\n\n\n<li>BUT: In the event of complaints, the authorities will take a close look.<\/li>\n<\/ul>\n\n\n\n<p>Google Analytics without a legal basis is not a trivial offence.<br>In the EU there have already been several 
<strong>four- to five-figure fines<\/strong> for this, depending on severity and configuration.<br>Germany is still keeping a low profile, but when complaints are received, the authorities take a very close look.<\/p>\n\n\n\n<p><strong>What you can do:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Google Analytics with Consent Mode V2 and a data processing agreement (complicated)<\/li>\n\n\n\n<li>Switch to EU alternatives (Matomo, Plausible, or... well, you know)<\/li>\n\n\n\n<li>Doing without analytics altogether (seriously, it is possible)<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Risk 3: Contact forms without SSL<\/h3>\n\n\n\n<p>Yes, in 2025 we're still talking about it. Can you imagine that there are still websites without HTTPS? Neither can I, but they exist. And that's going to be expensive.<\/p>\n\n\n\n<p><strong>Real case from 2024:<\/strong> Craft business fined \u20ac3,500 for unencrypted contact form. The reason: \u201eNegligent endangerment of personal data.\u201c<\/p>\n\n\n\n<p><strong>The solution:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Let\u2019s Encrypt = free SSL certificate<\/li>\n\n\n\n<li>Installation: 5 minutes<\/li>\n\n\n\n<li>Excuses: Zero<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">The elephant in the room: Why cookie banners are still everywhere<\/h2>\n\n\n\n<p>Although hardly anyone is penalised for incorrect cookie banners, everyone still has them. Why?<\/p>\n\n\n\n<p><strong>The truth:<\/strong><\/p>\n\n\n\n<p>\ud83d\ude27 70% of all cookie banners are technically incorrect<br>\ud83e\udd14 The consent rate is a measly 3\u20138 per cent.<br>\ud83d\ude44 And warnings? They practically never happen.<\/p>\n\n\n\n<p>Nevertheless, everyone has one of these things on their site.<br>Why? FOMO? Fear? Or because some agency decided in 2018 that \u201ethat's just how it's done\u201c?<\/p>\n\n\n\n<p><strong>And now comes the really exciting part:<\/strong><\/p>\n\n\n\n<p>You only need a banner if you use <strong>non-essential services<\/strong> \u2013 i.e. 
things that send data to third parties or track users.<br>These include, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tracking tools with cookies or fingerprinting<\/li>\n\n\n\n<li>Marketing\/advertising scripts (Meta Pixel, Google Ads, etc.)<\/li>\n\n\n\n<li>External resources that transfer personal data<\/li>\n\n\n\n<li>Embedded content that does its own tracking (YouTube, Maps, social feeds)<\/li>\n<\/ul>\n\n\n\n<p><strong>If you omit all of this or integrate it in a data protection-friendly manner<\/strong>, you will often no longer need the banner.<br>No external tracking = no consent = no banner = no fuss.<\/p>\n\n\n\n<p>With modern <strong>cookie-free analytics solutions<\/strong> you still get all the important insights \u2013 just without the need for consent and without conversion losses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What has really changed in 2025<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">AI and data protection: the new minefield<\/h3>\n\n\n\n<p>ChatGPT, Claude, Midjourney \u2013 the question is no longer whether, but how you use AI. And this is where it gets tricky:<\/p>\n\n\n\n<p><strong>Can I enter customer data into ChatGPT?<\/strong> Short answer: No. Long answer: No, unless you have the Enterprise version with a data processing agreement.<\/p>\n\n\n\n<p><strong>What about AI-generated text on my website?<\/strong> No GDPR issue, as long as no personal data was included in the prompt.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The next wave: Digital Services Act (DSA)<\/h3>\n\n\n\n<p>While everyone is focused on the GDPR, the DSA has been in force since February 2024. 
It primarily affects platforms and marketplaces, but also:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Large online shops (45 million users or more in the EU)<\/li>\n\n\n\n<li>Social media pages<\/li>\n\n\n\n<li>Forums and communities<\/li>\n<\/ul>\n\n\n\n<p><strong>The good news:<\/strong> Nothing changes for normal websites.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The 5-point reality check for your website<\/h2>\n\n\n\n<p>Enough with the theory. Here's what you REALLY need to know:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>SSL certificate active?<\/strong> \u2192 If not, fix it IMMEDIATELY<\/li>\n\n\n\n<li><strong>Is there a privacy policy?<\/strong> \u2192 Use generator, done<\/li>\n\n\n\n<li><strong>Imprint accessible?<\/strong> \u2192 Maximum of 2 clicks<\/li>\n\n\n\n<li><strong>Newsletter with double opt-in?<\/strong> \u2192 If not, switch<\/li>\n\n\n\n<li><strong>Google Fonts hosted locally?<\/strong> \u2192 If not, install the plugin.<\/li>\n<\/ol>\n\n\n\n<p>All done? Congratulations, you are more secure than 90% of all German websites.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The conclusion that should reassure you<\/h2>\n\n\n\n<p>After seven years of GDPR, we know that the world has not ended. The feared wave of warnings did not materialise. The million-euro fines only affected the very big players (looking at you, Meta).<\/p>\n\n\n\n<p><strong>What really matters:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Get the basics right (SSL, privacy policy, legal notice)<\/li>\n\n\n\n<li>Avoid the three real risks (fonts, analytics, SSL)<\/li>\n\n\n\n<li>Don't let every new \u201eGDPR expert\u201c drive you crazy<\/li>\n<\/ul>\n\n\n\n<p>And the next time you read an article predicting the end of the world, remember: we were all supposed to perish in 2018. 
That didn't happen.<\/p>\n\n\n\n<p><strong>In the next part of the series:<\/strong> Why cookie banners are the most ridiculous invention since pop-up blockers \u2013 and how you can legally get rid of them. Spoiler alert: it has to do with cookie-free tracking, and yes, it really works.<\/p>","protected":false},"excerpt":{"rendered":"<p>Or: Why 90% of the panic was unnecessary (and which 10% will really save your skin) Do you remember May 2018? The great GDPR apocalypse was imminent. Lawyers predicted waves of warnings, consultants sold expensive emergency packages, and it felt like every other newsletter was announcing the end of the internet. Now, almost 7 years later, it&#8217;s time for an honest [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4360,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,67],"tags":[],"class_list":["post-4359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogboxx","category-datenschutz"],"acf":[],"_links":{"self":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts\/4359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/comments?post=4359"}],"version-history":[{"count":3,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts\/4359\/revisions"}],"predecessor-version":[{"id":4673,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/posts\/4359\/revisions\/4673"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/media\/4360"}],"wp:attachment":[{"href":"https:\/
\/trackboxx.com\/en\/wp-json\/wp\/v2\/media?parent=4359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/categories?post=4359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trackboxx.com\/en\/wp-json\/wp\/v2\/tags?post=4359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}