Your Berlin DSGVO audit, passed first try
You need a WordPress build that survives an external DSGVO audit on day one, with every plugin inventoried for §32 risk and a cookie banner that holds up under a Berlin lawyer’s review. We deliver that package: audit-ready WordPress, documented technical and organisational measures, and an Impressum block that names the right legal entity.
The German rulebook touching the technical layer covers DSGVO Art. 32, IT-Sicherheitsgesetz 2.0 obligations that bleed down from KRITIS operators into their suppliers, BSI Mindeststandards für Webanwendungen, the TMG §5 Impressumspflicht, and TTDSG cookie consent. Knowing where these rules end and where pragmatic engineering begins is what separates a Berlin-relevant developer from someone who just speaks WordPress.
| Regulation | What it covers | What we do |
|---|---|---|
| DSGVO Art. 32 | Technical and organisational measures | Hardened WAF, encrypted off-site backups, 2FA on wp-admin |
| IT-Sicherheitsgesetz 2.0 | KRITIS supplier obligations | Dependency SBOM, continuous vulnerability monitoring |
| TMG §5 + TTDSG | Impressum and cookie consent | Audited Impressum block, server-side consent log |
WordPress developer Berlin: your enterprise partner
A WordPress developer working with Berlin and Brandenburg clients deals with a different rulebook than a generic CMS specialist. The combined weight of DSGVO Art. 32, IT-Sicherheitsgesetz 2.0, BSI Mindeststandards, TMG §5, and TTDSG defines what a usable Berlin build looks like. The deliverable is engineering that maps each rule to a concrete control rather than a compliance PDF nobody reads.
What does a WordPress developer do in the Berlin context?
The work splits into three honest categories. New builds for Mittelstand and start-up clients who need a public site, a content workflow, and usually a WooCommerce or marketing-automation layer. Rescue projects for existing installations: a Mittelstand catalogue site dragged down by twenty-plus plugins and a TTFB above 1.5 s, an Elementor build that started crumbling under Black Friday traffic, a multilingual site whose hreflang got broken in a hosting migration. And ongoing operations: monthly patching, security monitoring, BSI-grade backup verification, plus the renegotiated change requests that come with year three of any platform.
When WordPress fits and when it does not
WordPress is not the answer for every Berlin brief. A short trade-off map keeps the conversation honest:
| Scenario | Best fit | Why |
|---|---|---|
| Mittelstand corporate site, blog, lead-gen, multilingual | WordPress | Editorial workflow maturity, plugin ecosystem, lower TCO than headless rebuilds |
| Public-sector portal, BITV 2.0 accessibility audit, federal procurement | TYPO3 | Native multi-site governance, established in DE public sector, TYPO3 Association ecosystem |
| Enterprise commerce, complex B2B pricing, ERP-tight | Shopware 6 / commercetools | DE-native commerce primitives, enterprise tax and B2B logic out of the box |
| Mid-market shop, content-driven commerce, blog plus catalogue | WooCommerce | Content and commerce on one stack, JTL-Wawi or Plentymarkets bridges available |
| Static marketing site, headless content, JAMstack-first | Astro / Next.js with WP as headless source | Edge delivery, lower TTFB, separates editorial from delivery |
If the brief says “we need a fast, editable, lead-generating site that the marketing team can actually run,” WordPress almost always wins. If it says “we need ERP-driven B2B commerce with role-based pricing for 4 000 SKUs,” WooCommerce is rarely the right answer and the conversation should pivot to Shopware or commercetools.
JTL-Wawi vs WooCommerce for DE shops
A lot of Berlin and Brandenburg retailers already run JTL-Wawi as their merchandise system. The decision tree is short: if the shop is the source of truth for products and stock, WooCommerce works on its own; if JTL-Wawi is the source of truth (which it usually is for anyone with a physical warehouse), the JTL-Connector for WooCommerce becomes the integration backbone. Plentymarkets has its own bridge and is more common with cross-channel sellers feeding eBay, Amazon DE, and Kaufland.
Our WordPress services
Real engineering work on a Berlin project, not a feature list.
Custom theme and block development
Custom block patterns built against the brand system, not a Divi or Avada export. Editorial autonomy is the deliverable: marketing publishes new pages without opening a ticket. We work with Gutenberg block.json registration, theme.json design tokens, and ACF Pro flexible content where the editorial team needs guardrails the core block library does not provide. Performance budgets are agreed up-front: LCP under 2.5 s on a Telekom 4G median connection, CLS under 0.1, INP under 200 ms.
WooCommerce shops with German payment and shipping reality
Payment integrations that actually convert in DE: Klarna (Pay Now, Pay Later, Slice It), SOFORT/Sofortüberweisung via the Klarna unified gateway, giropay where the bank participates, Mollie or Stripe for cards plus SEPA Direct Debit, AmazonPay for cart abandonment recovery, PayPal for the long tail. Each gateway has its own refund flow, dispute window, and DSGVO data-processing agreement, and the checkout has to surface the right one without a 30-script tag manager build.
Shipping is the other half. DHL via the official Business Customer Portal API, DPD, Hermes, GLS, plus Sendcloud as a multi-carrier orchestrator when volume justifies it. Pickup point selection (Packstation, DHL Filiale, DPD Pickup) is a conversion lever for younger urban buyers and worth the integration effort. VAT (MwSt) on cross-border EU sales runs through the OSS scheme, and the shop has to issue Rechnungen that satisfy §14 UStG including the seller’s USt-IdNr.
Plugin development and integrations
Custom plugins where the marketplace stops. JTL-Connector configurations beyond defaults, Plentymarkets bridges, headless-friendly REST and GraphQL endpoints, Hubspot/Pipedrive/CentralStationCRM hooks, datev export for accounting handoff, and webhook listeners for Lieferando-style operations dashboards. Code follows PSR-12 and WPCS, ships with PHPUnit coverage, and goes through a Bitbucket or GitLab pipeline before it lands in staging.
Performance and Core Web Vitals on German hosting
Hosting choice drives more performance than any plugin. Mittwald in München, Raidboxes in Münster, Hetzner Cloud in Falkenstein/Nürnberg, IONOS in Karlsruhe, each has different DSGVO posture, support depth, and PHP/MySQL tuning headroom. The TTFB war story I tell most often: a Mittelstand catalogue site at 1.8 s TTFB, post-LCP 4.1 s, INP over 400 ms. The fix was not “install a cache plugin.” It was killing two analytics scripts that were duplicating each other, replacing a slider plugin with a single LCP image plus preload, moving from shared hosting to a Hetzner CX31 with object cache via Redis, and clearing the dead post-meta from a stalled WP-All-Import job. TTFB landed at 280 ms, LCP at 1.4 s.
DSGVO, security, and ongoing operations
Security on a Berlin site is more than a Wordfence install. Hardening that maps to the BSI Mindeststandards: 2FA on every wp-admin account, restricted XML-RPC and REST endpoints, file integrity monitoring, encrypted off-site backups with verified restore drills (the un-tested backup is not a backup), and a documented Vorfallreaktionsplan that names who calls who when something hits. DSGVO Art. 32 expects “appropriate technical and organisational measures” and the ICO-equivalent posture is what an auditor reads first.
The Berlin market
A few honest segments, drawn from real briefs.
Berlin start-up scene
Factory Berlin in Mitte and Görlitzer Park, Silicon Allee around Rosenthaler Platz, the Adlershof technology park out in Treptow-Köpenick. Fintech and proptech founders coming in via SAP.iO or APX. The brief is almost always: marketing site fast, lead capture into HubSpot or Pipedrive, blog with editorial workflow, a careers page that integrates with Personio or Greenhouse. Time-to-launch is usually four to eight weeks; the architecture has to survive the Series A pivot that happens six months later.
Berlin Mittelstand and Brandenburg manufacturers
Companies headquartered along the S-Bahn ring or out toward Brandenburg, often with a B2B catalogue, dealer locator, and downloadable spec sheets. Compliance burden is heavier here: §14 UStG invoicing, Impressum that names the Geschäftsführung and HRB number, datev export for the Steuerberater, and frequently a customer portal behind a login that demands real role-based access control rather than a Members plugin.
Creative industry and media
Agencies, design studios, film production houses, and the publishing-adjacent media companies that cluster around Mitte and Friedrichshain. The brief tilts toward bespoke design, video-heavy hero sections, project case studies with real load behaviour, and editorial workflows that survive a freelance journalist filing from a phone in a co-working space.
Local SMEs
Handwerk, gastronomy, professional services, the Kiez-level businesses. Local SEO and a Google Business Profile that actually gets updated matter more than headless architecture. WPML or Polylang where the second language is English (Berlin’s de-facto international language), Italian, Turkish, or Vietnamese depending on the neighbourhood.
Our development process
Every project moves through analysis, design, development, staging review, and launch. Bitbucket or GitLab for version control, feature branches with peer review, automated PHPUnit and Cypress where coverage is justified, staging on the same hosting class as production. Launches happen during low-traffic windows (typically Tuesday or Wednesday morning Berlin time, never Friday afternoons), with a documented rollback path before the DNS changes.
Pricing
All pricing is individual and based on project scope. Fixed-price projects for clearly scoped briefs, time and materials for ongoing work, monthly retainers for operations and support. Initial consultation is free and usually surfaces enough to decide whether WordPress is even the right answer. Contact us to talk through your Berlin project.
