Was ist DSGVO-konformes Cookie-Consent in Magento?

DSGVO + TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz) require opt-in before any non-essential cookie or tracker fires. Generic EU banners with a single “Accept all” button are not compliant in Germany — the regulator (LfDI) has issued fines for these.

Compliant Magento setup:

• Granular consent — separate categories for analytics, marketing, personalisation, with equal-prominence “Accept” and “Reject” buttons
• Trusted vendors — Cookiebot, Borlabs Cookie (German-built, popular with DE merchants), Tarteaucitron, or Usercentrics CMP
• Pre-consent block — GTM, Hotjar, Meta Pixel etc. all gated behind consent state
• Audit log — every consent state stored with timestamp + IP-hash for DSGVO Art. 7 evidence

We integrate the CMP at the storefront level so it works for both Luma and Hyvä themes, and configure DSAR / data-export endpoints in the customer account.