GDPR compliance is not a one-time task — it is an ongoing process. Our scanner checks over 34 critical points on your website to identify potential violations. Here is the complete breakdown of what we check and why each matters.
Cookie & Tracking Compliance
1. Prior Consent for Cookies
Non-essential cookies (analytics, marketing) must not be set, and the scripts that set them must not run, before the user has given consent. Only cookies strictly necessary for the service the user asked for are exempt. This is the #1 violation we find.
2. Consent Banner Visibility
Your banner must appear immediately on whichever page the visitor lands on, stay clearly visible until a choice is made, and not be hidden by cookie-wall overlays or buried in a footer.
3. No Pre-Ticked Boxes
Consent must be an active opt-in, not passive. Pre-ticked boxes, scrolling, or continued browsing do not count as consent under GDPR (the CJEU confirmed this for pre-ticked boxes in Planet49, C-673/17).
4. Easy Reject Option
It must be as easy to reject as to accept cookies. "Reject All" must sit at the same level and with the same prominence as "Accept All", not behind a "Manage settings" link.
5. Third-Party Script Blocking
Google Analytics, Facebook Pixel, and similar trackers must be blocked until consent is given. The check fails if a tracker's script executes, or its cookies appear, before any interaction with the banner.
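What points 1, 3, 4 and 5 look like on the site's side, as an added example written for this page (not the scanner's own code, and not a product integration): a small consent gate that keeps every gated script unloaded until the visitor chooses, treats any category not explicitly granted as denied, makes "reject all" a single call just like "accept all", and logs each decision with a timestamp and the policy version shown. The script list, the policy version label and the timestamps are constructed for the example.

```javascript
// Added example (not the scanner's code): a consent gate for a site's own
// front end. Nothing in GATED_SCRIPTS runs until the visitor makes a choice,
// every category defaults to "denied" (no pre-ticked boxes), and rejecting
// everything is one call, exactly like accepting everything.
const CATEGORIES = ["analytics", "marketing"];

// Constructed registry of non-essential third-party scripts and the consent
// category each one needs. Strictly necessary first-party code is not listed
// here because it may load without consent.
const GATED_SCRIPTS = [
  { src: "https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX", category: "analytics" },
  { src: "https://connect.facebook.net/en_US/fbevents.js", category: "marketing" },
];

// In a browser this is how a gated script is actually injected. The demo
// below passes a recording loader instead, so the example runs without a DOM.
function injectScript(src) {
  const el = document.createElement("script");
  el.async = true;
  el.src = src;
  document.head.appendChild(el);
}

function createConsentGate({ scripts, loader, clock, policyVersion }) {
  const load = loader || injectScript;
  let decision = null;          // null = no choice yet: every category is blocked
  const loaded = new Set();     // scripts already injected (a script cannot be un-run)
  const records = [];           // consent log: when, how, which policy version, what was granted

  function apply(choices, method) {
    const granted = {};
    for (const c of CATEGORIES) granted[c] = choices[c] === true; // unset => denied
    decision = granted;
    records.push({ at: clock(), method, policyVersion, granted: { ...granted } });
    for (const s of scripts) {
      if (granted[s.category] && !loaded.has(s.src)) {
        load(s.src);
        loaded.add(s.src);
      }
    }
    return granted;
  }

  return {
    acceptAll: () => apply(Object.fromEntries(CATEGORIES.map((c) => [c, true])), "accept_all"),
    rejectAll: () => apply({}, "reject_all"),   // one call, same as acceptAll
    save: (choices) => apply(choices, "custom"),
    isAllowed: (category) => decision !== null && decision[category] === true,
    loadedScripts: () => [...loaded],
    consentRecords: () => records.map((r) => ({ ...r, granted: { ...r.granted } })),
  };
}

// Walks one visitor through the gate with a recording loader and a fixed
// clock, and returns what was loaded at each step plus the consent log.
function demoConsentFlow() {
  const injected = [];
  let now = 1700000000000;   // constructed timestamp (ms since epoch)
  const gate = createConsentGate({
    scripts: GATED_SCRIPTS,
    loader: (src) => injected.push(src),
    clock: () => now++,
    policyVersion: "cookie-policy-v3", // assumed label for the banner/policy text shown
  });

  const beforeChoice = gate.loadedScripts();   // banner shown, nothing loaded
  gate.rejectAll();
  const afterReject = gate.loadedScripts();    // still nothing
  gate.save({ analytics: true });              // marketing left unset => stays denied
  const afterAnalytics = gate.loadedScripts(); // only the analytics script

  return {
    beforeChoice,
    afterReject,
    afterAnalytics,
    marketingAllowed: gate.isAllowed("marketing"),
    records: gate.consentRecords(),
  };
}
```

Two design points worth noting: the gate keeps a `loaded` set because a script that has already executed cannot be un-run, so a later "reject" can only stop further loads; the cookies that script already set still have to be deleted separately. And the consent log records what was actually granted, not what the visitor was asked, which is what you need to demonstrate consent later.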
Privacy & Transparency
6. Privacy Policy Present
A comprehensive, up-to-date privacy policy must be easily accessible from every page.
7. Cookie Policy Detail
Your policy must list every cookie, who sets it (first party or which third party), its purpose, and its retention period.
8. Data Controller Information
Company name, address, and contact details must be clearly stated.
9. Purpose of Processing
Users must understand exactly why you are collecting their data.
10. Data Retention Periods
You must specify how long data is kept and why.
User Rights & Control
11. Right to Access
Users can request copies of their personal data you hold.
12. Right to Deletion
Users can request erasure of their data ("Right to be Forgotten"), subject only to the exceptions in Art. 17(3), such as a legal obligation to retain records.
13. Right to Object
Users must be able to object to processing based on legitimate interests, opt out of direct marketing unconditionally, and withdraw consent at any time as easily as they gave it (Art. 7(3)).
14. Data Portability
Users can request their data in a machine-readable format.
Technical Security
15. HTTPS Encryption
All data transmission must be encrypted. No exceptions: plain HTTP must redirect to HTTPS, the site should send an HSTS header so browsers do not downgrade, and a form, script, or image loaded over http:// inside an https:// page (mixed content) fails this check.
16. Secure Forms
Contact and signup forms must submit over HTTPS (an action pointing at http:// is a failure), use POST rather than GET so field values do not end up in URLs and server logs, and validate input on the server, not only in the browser.
17. No Sensitive Data Leaks
Check that personal data is not exposed in URLs or error messages: an email address in a query string ends up in browser history, Referer headers, and server logs, and a stack trace or database error that echoes submitted data leaks it to anyone who triggers the error.
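The scanner-side view of several points above (5, 3, 6, 16 and 17), as an added example written for this page and not the scanner's own code: static checks run over the HTML a page serves, on a constructed sample page that contains one violation of each kind plus a privacy link. The tracker host list is a short constructed stand-in for a maintained tracker database. Regex matching over HTML is a heuristic: a third-party script tag in the initial HTML runs before any consent unless something gates it, but a tracker injected later by a tag manager is invisible here and needs a headless browser that records requests and cookies before the banner is touched.

```javascript
// Added example (not the scanner's code): static checks over served HTML.

// Constructed sample page with one violation of each kind plus a privacy link.
const SAMPLE_HTML = `
<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-TEST"></script>
<script src="/assets/app.js"></script>
</head><body>
<form action="http://example.com/contact" method="post">
  <input type="email" name="email">
</form>
<form action="https://example.com/signup" method="post">
  <label><input type="checkbox" name="marketing_consent" checked> Send me offers</label>
</form>
<a href="https://example.com/account?email=alice%40example.com">Account</a>
<a href="/privacy">Privacy Policy</a>
</body></html>`;

// Short constructed list; a real scanner carries a maintained tracker database.
const TRACKER_HOSTS = ["googletagmanager.com", "google-analytics.com", "connect.facebook.net", "static.hotjar.com"];

// Helper: run a global regex over text and hand each match to fn.
function eachMatch(re, text, fn) {
  let m;
  while ((m = re.exec(text)) !== null) fn(m);
}

// Point 5: tracker scripts present in the served HTML, i.e. loaded before consent.
function findUngatedTrackers(html) {
  const out = [];
  eachMatch(/<script\b[^>]*\bsrc=["']([^"']+)["'][^>]*>/gi, html, (m) => {
    if (TRACKER_HOSTS.some((h) => m[1].includes(h))) out.push(m[1]);
  });
  return out;
}

// Point 3: consent-like checkboxes that are ticked by default.
function findPreTickedConsent(html) {
  const out = [];
  eachMatch(/<input\b[^>]*>/gi, html, (m) => {
    const tag = m[0];
    if (!/type=["']checkbox["']/i.test(tag) || !/\bchecked\b/i.test(tag)) return;
    const nm = tag.match(/\bname=["']([^"']+)["']/i);
    const name = nm ? nm[1] : "";
    if (/consent|cookie|marketing|newsletter/i.test(name)) out.push(name);
  });
  return out;
}

// Point 6: a link whose visible text mentions the privacy policy.
function hasPrivacyPolicyLink(html) {
  return /<a\b[^>]*\bhref=["'][^"']*["'][^>]*>[^<]*privacy[^<]*<\/a>/i.test(html);
}

// Point 16: forms that submit over plain HTTP.
function findInsecureForms(html) {
  const out = [];
  eachMatch(/<form\b[^>]*\baction=["']([^"']+)["'][^>]*>/gi, html, (m) => {
    if (/^http:\/\//i.test(m[1])) out.push(m[1]);
  });
  return out;
}

// Point 17: personal data in URLs (PII-named query parameters or an email address).
const PII_PARAM = /(^|[?&])(email|e-mail|phone|ssn|name|dob)=/i;
const EMAIL = /[\w.+-]+(@|%40)[\w-]+\.[\w.-]+/i;
function findPiiInUrls(html) {
  const out = [];
  eachMatch(/\b(?:href|action|src)=["']([^"']+)["']/gi, html, (m) => {
    const url = m[1];
    const query = url.includes("?") ? url.slice(url.indexOf("?")) : "";
    if (PII_PARAM.test(query) || EMAIL.test(url)) out.push(url);
  });
  return out;
}

// Runs every check and returns findings tagged with this page's point numbers.
function auditHtml(html) {
  const findings = [];
  for (const s of findUngatedTrackers(html)) findings.push({ check: 5, detail: `tracker loads before consent: ${s}` });
  for (const n of findPreTickedConsent(html)) findings.push({ check: 3, detail: `pre-ticked consent box: ${n}` });
  if (!hasPrivacyPolicyLink(html)) findings.push({ check: 6, detail: "no privacy policy link" });
  for (const a of findInsecureForms(html)) findings.push({ check: 16, detail: `form submits over http: ${a}` });
  for (const u of findPiiInUrls(html)) findings.push({ check: 17, detail: `personal data in URL: ${u}` });
  return findings;
}
```

On the sample page `auditHtml` reports four findings: the tag-manager script in the head, the pre-ticked `marketing_consent` box, the contact form posting to `http://`, and the account link carrying an email address in its query string; the privacy link is present so point 6 passes. The absence of a finding from static HTML is weaker evidence than its presence, which is why the dynamic checks (cookies observed before interaction, requests to tracker hosts) matter for a real audit.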
Third-Party & International
18. Data Transfer Agreements
If using non-EU services (Google, AWS US), ensure a valid Chapter V transfer mechanism is in place: Standard Contractual Clauses (SCCs) with a transfer impact assessment, or an adequacy decision such as the EU-US Data Privacy Framework for providers certified under it.
19. Processor Contracts
All third-party services processing your users' data must have Data Processing Agreements meeting the Art. 28 requirements (instructions, confidentiality, security, sub-processor approval, deletion or return at the end of the service).
20. Sub-Processor Disclosure
You must inform users about any sub-processors involved in data handling.
Bonus: Ongoing Maintenance
21. Regular Cookie Audits
Cookies change — audit quarterly to catch new trackers.
22. Consent Record Keeping
Maintain records of when and how consent was obtained for each user: the timestamp, the banner and policy version shown, and the categories granted or refused. Art. 7(1) puts the burden of demonstrating consent on you.
Ready to check your website? Run our free GDPR scanner to see how many of these 34+ checkpoints your site passes in 60 seconds.