Blog
GDPR Guides & Resources
Practical compliance advice without the legal jargon.
WCAG 2.1 AA Accessibility: What Every Website Owner Must Know (2026)
The European Accessibility Act mandates WCAG 2.1 AA for most EU websites from June 2025. Learn the 8 most-failed criteria, how they overlap with GDPR, and how to audit your site for free.
GDPR Article 30: Records of Processing Activities (ROPA) — Complete Guide
What a ROPA is, who needs one, what it must contain, and how to build one for your website in under 10 minutes.
Introducing the fixGDPR Browser Extension
GDPR compliance checks for any website — right from your browser toolbar. Instant score, 7 checks, live tracker monitoring. Free for Chrome & Firefox.
Best CookieYes Alternatives in 2026
CookieYes is a solid banner tool — but if you need DSAR management, compliance scanning, or monitoring, here are the alternatives that go further.
Best Cookiebot Alternatives in 2026
Cookiebot getting expensive? Compare the top alternatives by price, GDPR compliance depth, and features — including who should stay and who should switch.
Best Termly Alternatives in 2026
Termly is US-focused and lacks IAB TCF 2.3 and DSAR management. Here's how it compares to the top European-ready alternatives.
GDPR Compliance Checklist for Websites (2026)
A practical step-by-step checklist covering the 7 most critical GDPR requirements for any website — from SSL to cookie banners to privacy policies.
Cookie Banner Requirements Under GDPR: What You Actually Need
Not all cookie banners are GDPR-compliant. Learn what makes a cookie consent banner valid, what to avoid, and how to implement one correctly.
The Biggest GDPR Fines Ever Issued (Updated 2026)
From Meta's €1.2 billion fine to small business penalties — a complete list of the largest GDPR fines and what violations caused them.
GDPR for Small Business — What You Actually Need
Does GDPR apply to your small website? Debunk the "small business exemption" myth and learn the 5 minimum requirements every site must meet.
GDPR vs CCPA — Key Differences and What Overlaps
Operating in the EU and California? Understand where GDPR and CCPA align, where they diverge, and how to comply with both at once.
How to Add Cookie Consent to WordPress (Step-by-Step)
The best free plugins, setup walkthrough, common mistakes, and how to test your cookie banner for GDPR compliance.
Is Google Analytics 4 GDPR Compliant? (The Honest Answer)
European DPAs have ruled Google Analytics illegal in Austria, France, and Denmark. Here's what that means for your site and what to do about it.
GDPR and Email Marketing: The Rules Most Senders Get Wrong
Double opt-in, bought lists, legacy subscribers, and what MailChimp doesn't handle for you. The GDPR email marketing rules that actually matter.
GDPR for SaaS: The 8 Things You Need Before Your First Paying Customer
Privacy policy, DPAs with processors, cookie consent, deletion mechanism, breach plan — the 8 GDPR requirements every SaaS product must have before launch.
GDPR for Shopify: What Shopify Doesn't Configure For You
Shopify provides infrastructure but not compliance. Cookie consent, marketing email opt-in, third-party apps — here's what you must configure yourself.
The Right to Erasure: What "Delete My Data" Actually Requires
Deleting an account isn't enough. GDPR's right to erasure covers all personal data across every system you've synced it to. Here's the full picture.
GDPR Data Breach Notification: What the 72-Hour Rule Really Means
A misconfigured S3 bucket counts as a breach. The 72-hour clock starts when you become aware. Here's what Articles 33 and 34 actually require.
GDPR Legitimate Interests: The Most Misused Lawful Basis
Most sites invoke legitimate interests as a catch-all to avoid getting consent. The 3-part LIA test doesn't work that way. Here's what it actually requires.
How Long Can You Keep Personal Data Under GDPR? (It's Not "Forever")
GDPR's storage limitation principle means you can't keep data indefinitely. Practical retention periods by data type and how to implement automated deletion.
Google Tag Manager and GDPR: The Tag Firing Problem
GTM fires all tags on All Pages by default — including before consent. Consent Mode v2 helps but only with a real CMP. Here's the correct configuration.
GDPR for Webflow: The Compliance Gaps Webflow Doesn't Fill
Webflow handles SSL and hosting. Cookie consent, form consent, self-hosted fonts, and Google Analytics gating are all on you. Here's what to add.
Is Your Newsletter Signup GDPR Compliant? 5 Things to Check Right Now
5 quick compliance checks: unchecked checkbox, specific purpose, double opt-in, unsubscribe link, and consent records with timestamps.
GDPR for Freelance Developers: You're More Liable Than You Think
Freelance developers with database access are processors under GDPR. You need a DPA with every client — and documented objections when clients refuse compliance.
What is a Data Processing Agreement (DPA) and Does Your Site Need One?
Article 28 requires a DPA with every processor handling data on your behalf. The 8 required terms and where to find DPAs for AWS, Stripe, Mailchimp, and more.
How to Audit Your Website for GDPR in 90 Minutes (No Lawyer Needed)
A step-by-step audit process: automated scan, DevTools cookie check, privacy policy completeness review, form audit, script inventory, and deletion flow test.
GDPR for Squarespace: What's Missing From the Built-in Settings
Squarespace's cookie banner defaults to opt-out. GA4 can fire before consent. YouTube embeds load tracking scripts. Here's how to fix each issue.
Facebook Pixel and GDPR: What Meta's Own Terms Actually Say
Meta is a joint controller for pixel data, not just a processor. The pixel fires before consent by default. Here's the legal risk and the fix.
6 GDPR Checks For Every Web Form Before You Go Live
Six compliance checks for every form: unchecked consent, clear purpose, privacy link, data minimisation, encryption, and deletion mechanism.
GDPR Dark Patterns: The Tricks Regulators Are Actively Fining
The EDPB named 6 cookie consent dark patterns in 2022. CNIL fined Google €150M and Facebook €60M for one of them. Here's the full list.
Does GDPR Apply to Nonprofits and Charities? (Yes, But...)
GDPR applies to nonprofits regardless of legal form. What's different, what charities commonly miss, and the practical minimums.
reCAPTCHA, Google Fonts, and Maps: The Google Services That Quietly Break GDPR
A Munich court fined a site €100 for Google Fonts. reCAPTCHA v3 profiles every visitor. Google Maps sends IPs to Google. What to replace each one with.