Insights

GDPR & Imprint: What Your Website Actually Needs in Austria

What legal requirements does a website need in Austria? Imprint, privacy policy, cookie banners – a clear overview for self-employed people.

Team Half99 22 May 2026 4 min read

You have a website – or you’re planning one. Then you’ve probably wondered: do I really need an imprint? Do I need a cookie banner? What exactly is GDPR?

Here are the answers – clearly explained, without legal jargon.

Note: This article is not legal advice. For specific questions, we recommend consulting a lawyer or the Austrian Economic Chamber (WKO).

The Imprint: Required for Every Business Website

In Austria, the E-Commerce Act (ECG) and the Commercial Code (UGB) regulate what must appear on a business website. The rules apply to anyone running a website for commercial purposes – including freelancers and sole traders.

What Must Be in the Imprint?

  • Full name (for sole traders: your legal name)
  • Address (no PO box – a real address)
  • Contact option (email address or phone number)
  • Legal form and company register number (for GmbH, OG, KG, etc.)
  • VAT number (if registered for VAT)
  • Responsible authority (e.g. Magistratisches Bezirksamt Wien)
  • Chamber membership (if applicable, e.g. WKO)
  • Professional title and applicable law (for regulated professions such as doctors, lawyers)

The imprint must be accessible from every page of your website – usually via a link in the footer.

What Does a Missing Imprint Cost?

Warning letters from competitors or legal firms can be expensive. Fines of up to €2,000 are possible. It’s not worth the risk – an imprint can be set up in 15 minutes.

The Privacy Policy: GDPR in Practice

The General Data Protection Regulation (GDPR) has applied throughout the EU since 2018 – including Austria. It defines how personal data may be collected, stored, and processed.

When do you need a privacy policy? Whenever your website processes personal data. This includes:

  • Contact forms (name, email address)
  • Google Analytics or other tracking tools
  • Social media buttons (Facebook, Instagram)
  • Newsletter sign-ups
  • Booking systems

In short: almost every business website.

What Must the Privacy Policy Contain?

  • Who is responsible for the data? (Name, address)
  • What data is collected and why?
  • How long is data stored?
  • Who is data shared with? (e.g. Google, email providers)
  • What rights do users have? (access, deletion, objection)
  • Contact details of the data controller

The privacy policy must be accessible from every page, just like the imprint.

This is the most common question. The honest answer: it depends.

Cookie banners are only required if you use non-technically necessary cookies – meaning tracking and marketing cookies such as Google Analytics, Facebook Pixel, or advertising networks.

Technically necessary cookies (e.g. for login sessions or security functions) do not require consent.

If your website only has a simple contact form and no tracking, you technically don’t need a cookie banner. That said, privacy experts recommend one as soon as you embed any third-party services – better safe than sorry.

Important: A cookie banner that defaults to “Accept all” is illegal. Users must be able to actively consent.

The Fines – Why This Should Be Taken Seriously

The Austrian Data Protection Authority (DSB) issues fines for GDPR violations. The legal scale is wide:

  • Minor violations: up to €10 million or 2% of annual global turnover
  • Serious violations: up to €20 million or 4% of annual turnover

In practice, fines for small businesses are considerably lower – but warning letters from competitors and lawyers are a reality in Austria.

  • Imprint present and complete (name, address, email, VAT number)
  • Imprint accessible from every page (footer link)
  • Privacy policy present
  • Privacy policy lists all tools in use (analytics, forms)
  • Cookie banner if tracking cookies are used
  • No pre-ticked “accept” checkboxes
  • HTTPS – the entire website is encrypted
  • Contact form data stored only as long as necessary

The Conclusion

GDPR and imprint requirements sound complicated – but they’re not, once you know what’s needed. The key points can be handled in an hour.

The risk of ignoring them is real: warning letters, fines, and – more damaging still – a loss of trust from clients who notice your website isn’t legally compliant.

At Half99, we build websites that are legally correct from day one. Imprint, privacy policy, cookie solution – all included. Request a free consultation

More articles

Insights

5 Signs Your Website Is Outdated – and What to Do About It

An outdated website costs you clients before they read a single line. These five signs reveal whether your online presence needs an upgrade.

Insights

Instagram Instead of a Website: Why That's an Expensive Mistake

Many self-employed people believe Instagram replaces a website. Here's why that's wrong – and what the right combination looks like.

Insights

Website Costs Vienna: What Is Fair?

Transparent pricing for websites. Understand why websites cost different amounts and what fair pricing looks like.

Ready for a website?

Talk to us about your project. Free, no obligation, personal.

Start free consultation
Back to Insights