GDPR Compliance Scanner
Answer 10 questions about your website to get an instant GDPR compliance score and a prioritized gap report.
My site has a privacy policy linked in the footer
Required by GDPR Art. 13-14. Must be accessible from every page.
I show a cookie consent banner on first visit
Required for non-essential cookies under GDPR and the ePrivacy Directive.
My cookie banner has a 'Reject All' button at the same level as 'Accept All'
Regulators require equal prominence for rejection. Pre-ticked boxes are invalid.
No checkboxes are pre-ticked in my consent forms
GDPR requires affirmative opt-in. Pre-ticked boxes are not valid consent.
I have signed Data Processing Agreements with my vendors (hosting, email, analytics)
GDPR Art. 28 requires a DPA with every data processor.
Users can request deletion of their data and I respond within 30 days
Right to Erasure (GDPR Art. 17). Failure is a common enforcement target.
Users can request a copy of their personal data (DSAR)
Right of Access (GDPR Art. 15). Must be fulfilled within 30 days at no charge.
I have a process to detect and report data breaches within 72 hours
GDPR Art. 33 requires notification to the supervisory authority within 72 hours.
I have documented the lawful basis for each type of personal data I process
GDPR Art. 6. Consent, contract, legal obligation, or legitimate interest.
I delete personal data when it is no longer needed for its original purpose
Storage Limitation principle (GDPR Art. 5(1)(e)).