Every time the Spanish Data Protection Authority (AEPD) publishes a new sanction, our radar at Lawwwing goes off. And honestly, most fines are still due to the basics: a missing legal notice, an outdated privacy policy, or a cookie banner that doesn’t actually do its job.
That’s why today we’re going back to the essentials: the key elements every website needs to avoid trouble. Yes, the law evolves, but the fundamentals haven’t changed: communicate clearly, ask for consent, and treat data with care (and respect).
If you manage a website—your own or a client’s—stick around. We’ll walk you through what you need to make sure your site is 100% compliant and builds trust from the first click.
You probably already know, but just in case: there’s no such thing as a legally compliant website without legal documents. If your site has forms, cookies, private areas, or you sell online, you need these four key texts:
The legal notice tells users who’s behind the site and what responsibilities each party has. Even if you don’t collect personal data, it’s still mandatory.
🔎 Not sure what to include? Check out our guide:
👉 What to include in your website’s legal notice
If you collect personal data (even just an email in a form), you need a clear, up-to-date privacy policy that complies with the GDPR.
It should cover: what data you collect, why, how long you keep it, whether it’s shared, and how users can exercise their rights.
📄 Quick guide here:
👉 What is a privacy policy and what should it include?
As soon as your site uses cookies beyond the strictly necessary ones (e.g. Google Analytics, social media, remarketing), you must show a banner and clearly explain what cookies you use and why.
And most importantly: don’t install non-essential cookies before getting consent.
🍪 Need help figuring this out? Start here:
👉 How to set up and manage your website’s cookies
If you run an online store or offer services through your site, you must inform users about:
🎯 Always include this if you're selling anything online.
👉 How to create Terms and Conditions for your website
Cookies are a chapter on their own—because most banners out there still don’t comply with the law, even if they look legit.
💡 Using WordPress? Check this out:
👉 What a Google-certified cookie banner looks like
Fines, as always. In 2024 alone, the AEPD issued more than €35 million in sanctions. Many of those could’ve been easily avoided with properly configured texts and cookie setups.
And no—you don’t need to be a big company to get inspected. In fact, most sanctioned websites were small businesses or freelancers.
Not sure if your site is compliant? Don’t worry—we’ve got you.
🔍 Scan your website for free with Lawwwing
In just a few seconds, you’ll know what’s missing and how to fix it.