A course platform you say? For reasons, I am very familiar with this.
Aside from fonts and CDNs pointed out already in other comments, there is also actual content:
How will you serve videos for example? You should look for a GDPR compliant option for that as well. It may exist, or you can self-host videos up to some point. (It is possible, done that before and it worked well.)
Does your platform offer mentoring? How will course participants talk to mentors? Look for a GDPR compliant option here. Don't use services of Google, MS or others that just suck. Probably look for something like Jitsi Meet hosting, or get capable engineer to set that up on your own infrastructure.
How will people inside your company communicate? Look for options for that. Zulip is easy to self-host for example.
That social icon on your website? It better not be loaded directly from FB, insta and the like!
You want to know what visitors do on your website? Well, self-host a matomo or similar. Don't do the usual reach for Google Shnanalytics.
Don't employ dark patterns in your cookie consent popup. Remember: Rejecting tracking and cookies must not take any longer than accepting it. Highly suggestive colors of the buttons are also a no-go. Be honest.
In general, if anyone suggests using any Google services or MS services, look for other options to avoid trouble and pain later. If you cannot do so now, keep book about all the things you still need to fix, to become actually GDPR compliant.
Aside from fonts and CDNs pointed out already in other comments, there is also actual content:
How will you serve videos for example? You should look for a GDPR compliant option for that as well. It may exist, or you can self-host videos up to some point. (It is possible, done that before and it worked well.)
Does your platform offer mentoring? How will course participants talk to mentors? Look for a GDPR compliant option here. Don't use services of Google, MS or others that just suck. Probably look for something like Jitsi Meet hosting, or get capable engineer to set that up on your own infrastructure.
How will people inside your company communicate? Look for options for that. Zulip is easy to self-host for example.
That social icon on your website? It better not be loaded directly from FB, insta and the like!
You want to know what visitors do on your website? Well, self-host a matomo or similar. Don't do the usual reach for Google Shnanalytics.
Don't employ dark patterns in your cookie consent popup. Remember: Rejecting tracking and cookies must not take any longer than accepting it. Highly suggestive colors of the buttons are also a no-go. Be honest.
In general, if anyone suggests using any Google services or MS services, look for other options to avoid trouble and pain later. If you cannot do so now, keep book about all the things you still need to fix, to become actually GDPR compliant.