Checking your website's GDPR compliance doesn't have to be complicated. Whether you do it manually or use an automated tool, there are clear things to look for. Here's a practical guide to assessing your own site.
Step 1: Check for HTTPS
Look at your browser address bar. Your site should show a padlock icon and the URL should start with https:// rather than http://. If it doesn't, anything a visitor types into your forms is sent unencrypted, which is a serious GDPR risk that needs fixing immediately. The padlock only tells you about the page you are looking at, so also type the http:// version of your address and confirm it redirects to https://, and check that every page loads its scripts, images and form targets over https:// as well; browsers flag any such mixed content in the developer console.
Step 2: Review Your Privacy Policy
Does your site have a privacy policy? Is it easy to find — typically linked from the footer of every page? Does it cover:
- What data you collect and why
- The lawful basis for processing
- Who you share data with
- How long you keep data
- How users can exercise their rights
- How to contact you about data queries
If you're using a generic template that doesn't reflect what your site actually does, it won't be sufficient.
Step 3: Audit Your Cookies and Tracking
Open your website in a browser and check what cookies and tracking scripts are loading. In Chrome or Edge, press F12, open the Application tab and expand Cookies; in Firefox the equivalent is the Storage tab. The tracking scripts themselves are easier to see in the Network tab: reload the page and note every third-party domain the page contacts.
Common tracking tools to look for include:
- Google Analytics
- Facebook Pixel
- Hotjar
- LinkedIn Insight Tag
- TikTok Pixel
For each one, ask: is this disclosed in my privacy policy? Do I have a mechanism to obtain consent before it loads?
Step 4: Test Your Cookie Consent Banner
If you have a cookie consent banner, test it properly. Open your site in a private browsing window (so no previous consent is stored), open the cookie list in the developer tools before clicking anything, and check:
- Does the banner appear before any non-essential cookies load? Only strictly necessary cookies (session, CSRF token, the consent record itself) should be present at this point.
- Is there a clear way to accept or reject cookies, with rejecting no harder than accepting (a "Reject all" option as prominent as "Accept all")?
- Are analytics and advertising cookies off by default?
- Can users change their preferences after the initial choice?
- After rejecting, reload the page: do the tracking scripts from Step 3 still load?
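The checks in Steps 3 and 4 can be scripted for a first visit. The following is an added example, not ClearlyCompliant's code or a tool from the original page: it fetches a page with no Cookie header (so no stored consent, exactly like a private window), lists the tracking tools the page references, and reports every cookie the server sets before the visitor has chosen anything. The tracker host list, the cookie-name prefixes and the sample page are this example's own assumptions and constructed data.

```python
"""Added example, not ClearlyCompliant's code: the first-load audit of Steps 3 and 4
as a script. Given a URL it fetches the page with no Cookie header, just as a fresh
private window would, so no stored consent applies; without one it runs against the
constructed sample below. Tracker hosts and cookie prefixes are an assumed starting list."""
import sys
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urlparse
# Hosts that serve the tracking tools named in Step 3 (assumed starting list).
TRACKER_HOSTS = {
    "www.google-analytics.com": "Google Analytics",
    "www.googletagmanager.com": "Google Tag Manager / gtag.js",
    "connect.facebook.net": "Facebook Pixel",
    "www.facebook.com": "Facebook Pixel (image beacon)",
    "static.hotjar.com": "Hotjar",
    "snap.licdn.com": "LinkedIn Insight Tag",
    "analytics.tiktok.com": "TikTok Pixel",
}
# Cookie-name prefixes those tools set (assumed list); none is strictly necessary.
TRACKER_COOKIE_PREFIXES = {
    "_ga": "Google Analytics", "_gid": "Google Analytics", "_gat": "Google Analytics",
    "_fbp": "Facebook Pixel", "_fbc": "Facebook Pixel", "_hj": "Hotjar", "_ttp": "TikTok Pixel",
}

class _TagScanner(HTMLParser):
    # Collects src URLs of script/img/iframe tags plus the text of inline scripts.
    def __init__(self):
        super().__init__()
        self.urls, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "img", "iframe") and src:
            self.urls.append(src)
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def find_trackers(html):
    """Sorted names of known trackers the page references: tags are matched by host, inline
    loader snippets by searching their text. Scripts injected later show only in the Network tab."""
    scanner = _TagScanner()
    scanner.feed(html)
    found = set()
    for url in scanner.urls:
        host = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
        if host in TRACKER_HOSTS:
            found.add(TRACKER_HOSTS[host])
    inline = "\n".join(scanner.inline).lower()
    found.update(name for host, name in TRACKER_HOSTS.items() if host in inline)
    return sorted(found)

def audit_first_load_cookies(set_cookie_headers):
    """Classify server-set cookies from a first visit as [(name, tool, persistent)].
    tool is the tracker owning the cookie, or None: those still need a human decision, since
    only strictly necessary cookies may be set before consent. Cookies set client-side by
    JavaScript (most analytics cookies) never appear in Set-Cookie; check those in the browser."""
    result = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0].strip()
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        tool = next((t for p, t in TRACKER_COOKIE_PREFIXES.items() if name.startswith(p)), None)
        result.append((name, tool, bool(attrs & {"expires", "max-age"})))
    return result

# Constructed sample page (the loader snippet imitates Hotjar's) and Set-Cookie headers.
SAMPLE_HTML = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXX"></script>
<script src="/static/site.js"></script>
<script>(function(h,o){h.hj=h.hj||function(){};var s=o.createElement('script');
s.src='https://static.hotjar.com/c/hotjar-0.js';o.head.appendChild(s);})(window,document);</script>
</head><body>
<img height="1" width="1" src="https://www.facebook.com/tr?id=000000000000000&ev=PageView">
</body></html>"""
SAMPLE_SET_COOKIES = [
    "PHPSESSID=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "_ga=GA1.1.1234567890.1700000000; Expires=Fri, 01 Jan 2027 00:00:00 GMT; Path=/",
    "_fbp=fb.1.1700000000000.123456789; Max-Age=7776000; Path=/; SameSite=Lax",
]

def fetch_first_load(url):
    """Fetch url as a brand-new visitor: no Cookie header, hence no stored consent."""
    req = urllib.request.Request(url, headers={"User-Agent": "gdpr-self-check/1.0"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace"), resp.headers.get_all("Set-Cookie") or []

if __name__ == "__main__":
    page, cookies = fetch_first_load(sys.argv[1]) if len(sys.argv) > 1 else (SAMPLE_HTML, SAMPLE_SET_COOKIES)
    print("Trackers referenced:", ", ".join(find_trackers(page)) or "none")
    for name, tool, persistent in audit_first_load_cookies(cookies):
        print(f"cookie {name}: {'tracker (' + tool + ')' if tool else 'review: must be strictly necessary'}"
              f"{', persistent' if persistent else ''}")
```

Run it with a URL to check a live page, or with no arguments to see it work on the built-in sample. Because tag managers and most analytics snippets set their cookies from JavaScript after the page has loaded, treat this as a complement to the developer-tools check above rather than a replacement: anything it reports is a problem, but a clean result still needs a look at the browser's cookie tab.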
Step 5: Check Your Forms
For every form on your site — contact forms, newsletter signups, enquiry forms — check:
- Is there a link to your privacy policy near the form?
- For marketing emails, is there an explicit opt-in checkbox (not pre-ticked)?
- Does your privacy policy explain how form submissions are handled?
Step 6: Check Your Security Headers
Security headers are HTTP response headers that tell the browser how to treat your pages and protect visitors against common attacks such as clickjacking and cross-site scripting. You can check yours using a free tool like securityheaders.com, or by looking at the response headers in the Network tab of your browser's developer tools. Key headers to have in place include:
- Content-Security-Policy (restricts where scripts and other resources may be loaded from)
- X-Frame-Options (stops other sites embedding your pages in a frame)
- X-Content-Type-Options (set to nosniff so browsers don't guess content types)
- Referrer-Policy (limits how much of a page's URL, which may contain personal data, is sent to other sites)
- Strict-Transport-Security (tells browsers to use HTTPS on every future visit, backing up Step 1)
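An offline checker for Step 6, as an added example rather than code from the original page or from ClearlyCompliant. It grades each header as ok, weak or missing, catches the usual weak settings (a short HSTS max-age, 'unsafe-inline' without a nonce, a Referrer-Policy that leaks full URLs), and shows a weak set of headers next to a corrected one. The thresholds, the accepted values and both sample header sets are this example's assumptions.

```python
"""Added example, not ClearlyCompliant's code: an offline checker for the Step 6 headers
plus Strict-Transport-Security, which enforces the HTTPS rule from Step 1. Pass a URL to
check live headers, or run as-is against the constructed samples. Accepted values and the
one-year HSTS threshold are this example's assumptions from common browser-security guidance."""
import sys
import urllib.request
ONE_YEAR = 31536000  # seconds; widely recommended minimum for HSTS max-age
# Referrer-Policy values that never send a full URL to another origin.
SAFE_REFERRER_POLICIES = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}

def _directives(csp):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    out = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out

def check_security_headers(headers):
    """Return [(header, status, detail)] with status 'ok', 'weak' or 'missing'.
    headers maps names to values, matched case-insensitively; a header sent twice
    (common with CSP) is judged only on the single value given here."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    def add(name, status, detail=""):
        findings.append((name, status, detail))
    hsts, max_age = h.get("strict-transport-security"), 0
    for token in (hsts or "").split(";"):
        key, _, value = token.strip().partition("=")
        if key.lower() == "max-age" and value.strip().isdigit():
            max_age = int(value)
    if hsts is None:
        add("Strict-Transport-Security", "missing", "browsers may still use plain http")
    elif max_age < ONE_YEAR:
        add("Strict-Transport-Security", "weak", f"max-age={max_age} is under one year")
    else:
        add("Strict-Transport-Security", "ok")
    csp = h.get("content-security-policy")
    d = _directives(csp or "")
    scripts = d.get("script-src", d.get("default-src", []))
    # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in scripts)
    if csp is None:
        add("Content-Security-Policy", "missing", "script sources are unrestricted")
    elif not scripts:
        add("Content-Security-Policy", "weak", "no script-src or default-src directive")
    elif "'unsafe-inline'" in scripts and not nonce_or_hash:
        add("Content-Security-Policy", "weak", "script-src allows 'unsafe-inline'")
    elif "*" in scripts:
        add("Content-Security-Policy", "weak", "script-src allows any origin (*)")
    else:
        add("Content-Security-Policy", "ok")
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in d:
        add("X-Frame-Options", "ok")
    elif xfo:
        add("X-Frame-Options", "weak", f"{xfo} is not supported; use DENY or SAMEORIGIN")
    else:
        add("X-Frame-Options", "missing", "pages can be framed (clickjacking)")
    xcto = h.get("x-content-type-options", "").lower()
    if xcto == "nosniff":
        add("X-Content-Type-Options", "ok")
    else:
        add("X-Content-Type-Options", "weak" if xcto else "missing", "must be exactly 'nosniff'")
    # The value may be a comma-separated list; browsers apply the last one they recognise.
    rp = h.get("referrer-policy", "").split(",")[-1].strip().lower()
    if not rp:
        add("Referrer-Policy", "missing", "full URLs may be sent to third parties")
    elif rp in SAFE_REFERRER_POLICIES:
        add("Referrer-Policy", "ok")
    else:
        add("Referrer-Policy", "weak", f"{rp} can leak full URLs cross-origin")
    return findings

# Constructed samples: a partly configured site, and the same site corrected.
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=86400",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer-when-downgrade",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    # The nonce must be freshly generated for every response; 'r4nd0m' is a placeholder.
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m' https://www.googletagmanager.com; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":  # usage: python check_headers.py https://www.example.com/
    headers = dict(urllib.request.urlopen(sys.argv[1], timeout=15).headers.items()) if len(sys.argv) > 1 else WEAK_HEADERS
    for name, status, detail in check_security_headers(headers):
        print(f"{status:8} {name}{': ' + detail if detail else ''}")
```

Run it with no arguments to see the weak sample graded, or with a URL to grade a live page. A redirect from the plain http:// address to https:// (visible with curl -sI http://yoursite) together with a long Strict-Transport-Security max-age is what makes Step 1 stick for returning visitors.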
The Faster Way
Going through these steps manually takes time and requires technical knowledge. ClearlyCompliant automates the entire process — scanning your site across 23 checks and delivering a detailed PDF report with specific recommendations in minutes, for £29.99.