The 5-Minute DSGVO Compliance Checklist for Web Projects

DSGVO compliance isn't a legal essay. It's a set of technical and procedural decisions. Here's the checklist we use before any project launch.

Data Collection

[ ] List all data you collect (name, email, IP, cookies, analytics)
[ ] For each: why do you need it? (purpose limitation)
[ ] For each: how long do you keep it? (storage limitation)
[ ] Can you delete it on user request? (right to erasure)

Technical Measures

[ ] HTTPS everywhere (TLS 1.3)
[ ] No third-party trackers (Google Analytics, Facebook Pixel) without consent
[ ] Cookie banner for non-essential cookies (strict opt-in)
[ ] Server location in EU (or SCCs for non-EU)
[ ] Access logs stripped of PII or rotated after 30 days
[ ] Database encryption at rest

Documentation

[ ] Privacy policy (German + English, plain language)
[ ] Data processing agreement (if using third-party services)
[ ] Incident response plan (72-hour notification requirement)
[ ] User rights procedure (how to handle…
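The "access logs stripped of PII or rotated after 30 days" item from Technical Measures, as an added example that is not part of the original checklist: a small scrubber for combined-format (nginx/Apache) access log lines plus a retention check. The sample log lines are constructed, and the chosen masks (IPv4 to /24, IPv6 to /48, remote user and query string dropped) are this example's assumptions, not a requirement the checklist states.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in the "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.45 - alice [10/Oct/2024:13:55:36 +0000] "GET /account?email=alice@example.com HTTP/1.1" 200 512 "-" "Mozilla/5.0"
2001:db8:abcd:1234:5678:9abc:def0:1 - - [10/Oct/2024:13:55:37 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"
"""

CLIENT_IP_RE = re.compile(r"^(\S+)")                 # field 1: client address
REMOTE_USER_RE = re.compile(r"^(\S+ \S+ )(\S+)")     # field 3: authenticated user
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) (HTTP/[\d.]+)"')  # quoted request line


def anonymize_ip(ip: str) -> str:
    """Zero the host part of the address: IPv4 keeps /24, IPv6 keeps /48.
    Anything that is not a valid address is replaced by '-' rather than kept."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "-"
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def scrub_line(line: str) -> str:
    """Remove direct identifiers from one combined-format line:
    mask the client IP, blank the remote user, drop the query string
    (query strings routinely carry emails, tokens and session ids)."""
    line = CLIENT_IP_RE.sub(lambda m: anonymize_ip(m.group(1)), line, count=1)
    line = REMOTE_USER_RE.sub(lambda m: m.group(1) + "-", line, count=1)
    line = REQUEST_RE.sub(
        lambda m: f'"{m.group(1)} {m.group(2).split("?", 1)[0]} {m.group(3)}"',
        line, count=1)
    return line


def scrub_log(text: str) -> str:
    """Scrub every line of a log; keeps line order so request counts still match."""
    return "\n".join(scrub_line(ln) for ln in text.splitlines()) + "\n"


def is_past_retention(file_mtime: datetime, now: datetime, days: int = 30) -> bool:
    """True when a rotated log file is older than the retention window and must go."""
    return now - file_mtime > timedelta(days=days)


if __name__ == "__main__":
    print(scrub_log(SAMPLE_LOG), end="")
```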