Shopware 6 GDPR & privacy

Our best Shopware plugins for GDPR and cookies

Three plugins — and a trap that native management hides.

Shopware has cookie management — but it signals nothing to Google. And a banner that doesn't block documents your breach instead of preventing it.

The problem

Sound familiar?

Native management that signals nothing

It handles groups locally. Consent Mode v2 is a transmission. Not the same thing.

A banner that blocks nothing

It displays while GTM is already firing. It prevents nothing — it records.

Refusing harder than accepting

Bright Accept button, grey link beside it. Both exist — and it's still a breach.

No trace of anything

Without a stored record, your answer in an audit is a claim.

The shortlist

Our selection, ranked

Every module below is built, maintained and supported by our team. The ranking reflects what we would install first on a client store.

  1. No script before the click, refusing as easy as accepting, Consent Mode v2 actually transmitted to Google, proof retained.

    GDPR cookie consent banner for Shopware 6.6 and 6.7 with native Google Consent Mode v2 (7 signals injected with priority 1 in the head),…

  2. GTM and Consent Mode v2 together. A container that fires without consent is a container that incriminates you.

    Complete Shopware 6.7 plugin for modern e-commerce measurement: Google Tag Manager container, GA4 Enhanced Ecommerce, Consent Mode v2 integrated with the native cookie banner,…

  3. Server-side that only sends what was allowed — even when the event fires later.

    The free Shopware plugin for the DataFirefly Server-Side Tracking service: your purchase conversion sent server-to-server, HMAC-signed, consent-aware, and compatible with our DataFirefly Cookie Consent…

Side-by-side comparison

Module Best for Price Rating Link
DataFirefly Cookie Consent — GDPR/CNIL & Google Consent Mode v2 for Shopware 6 The foundation — it must block and transmit 69.00
Google Tag Manager for Shopware — GTM, GA4 e-commerce, Consent Mode v2 & Enhanced Conversions Where Consent Mode actually arrives 69.00
DataFirefly Server-Side — Shopware conversion tracking (free) Consent that holds to the server 0.00

On Shopware, cookie management exists — but it signals nothing

That’s the trap everyone misses. Shopware has native cookie management: groups, categories, a clean banner. But it manages locally and transmits nothing to Google. Consent Mode v2 isn’t a checkbox — it’s a wiring job.

A banner that blocks nothing is an exhibit for the prosecution

If your GTM is already firing while the banner is on screen, the banner documents your breach rather than preventing it. And it documents it well: you knew the rule.

And the three rules that actually get sanctioned

No tracker before consent. Refusing as easy as accepting. The proof, stored. Everything else is cosmetic — those three decide the fine.

Buying guide

How to choose

The trap Shopware stores miss

Shopware has native cookie management — and that's exactly what lulls you. It handles groups locally; it signals nothing to Google. Consent Mode v2 isn't a backend checkbox, it's a transmission. Without it: correct interface, incomplete advertising data.

Then the three rules that actually get sanctioned

  • No tracker before consent. A block, not a display.
  • Refusing as easy as accepting. Same level, same visibility, same clicks.
  • The proof. Who chose what, and when — stored, not asserted.

And consent has to hold to the server

If you track server-side, the visitor's decision has to travel there too. An event that fires without consent fires unlawfully — just more reliably.

What these plugins don't cover

Your privacy policy, your records of processing, your contracts. That's exactly what a regulator opens first — and no plugin replaces it. Saying otherwise would be dishonest.

What you gain

Consent that actually blocks

No script fires before the click. Native management handles groups — it doesn't always truly block.

Refusing as easy as accepting

Refusing as visible and as fast as accepting. One of the most sanctioned rules in Europe.

Consent Mode v2, actually wired

Consent Mode v2 is a transmission to Google, not a local checkbox. Without it you lose attribution.

The part Shopware doesn't do

Native management handles groups. It signals nothing to Google. Not the same thing.

Provable, not asserted

In an audit you must show who chose what, and when. Without proof, your answer is a claim.

Consent that holds to the server

What the visitor allowed is respected — even when the event fires server-side later.

Implementation

From install to results

  1. Understand what Shopware doesn't do

    Native management handles groups. It transmits nothing to Google.

  2. Block before the click

    If GTM runs while the banner shows, the banner is the evidence.

  3. Make refusing just as easy

    Same level, same visibility, same clicks. One of the most sanctioned rules.

  4. Actually transmit Consent Mode v2

    A backend checkbox isn't a transmission. Wire it.

  5. Store the record

    Without proof, your answer in an audit is a claim.

“We'd enabled native cookie management and felt compliant. In the audit our GTM was already running while the banner was still on screen — and Consent Mode was never transmitted to Google. Two problems in one.”

Customer feedback — Shopware store, cosmetics

Frequently asked questions

Isn't Shopware's native cookie management enough?

No, and that's the most common mistake. Native management handles cookie groups — locally, and correctly. But it transmits nothing to Google. Consent Mode v2 is a wiring job: what the visitor chose has to reach the tag. Otherwise you have a clean interface and incomplete data anyway.

What's wrong with a banner that only displays?

A banner that blocks nothing documents your breach instead of preventing it. It proves you knew the rule. If your GTM is already running while the banner shows, the banner is the evidence.

Does refusing really have to be as easy as accepting?

Yes, and it's one of the most sanctioned rules. Same level, same visibility, same number of clicks. A bright Accept button next to a grey Settings link is a breach, even if both technically exist.

What does Consent Mode v2 have to do with my banner?

Consent Mode v2 is the transmission of consent to Google. Without it you lose attribution and reach — and Shopware's native management doesn't send it on its own. One is the interface, the other is the wiring.

Why store proof of consent?

It shows the moment someone asks what happened on 14 March. Without a stored record of consent, your answer is a claim. With one, it's an answer.

Do these plugins make me GDPR-compliant?

No, and claiming otherwise would be dishonest. These plugins cover the technical side: consent, blocking, transmission, proof. Your privacy policy, your records of processing and your processor contracts aren't included — and those are exactly what a regulator looks at first.

Where do I start?

With blocking and Consent Mode. A banner that truly blocks and transmits consent to Google covers the most urgent part. Server-side tracking that respects the decision comes after — it closes the last gap.

This need on other platforms

Not sure which one fits your store?

Tell us your context — we answer with a straight recommendation, not a sales pitch.