Quick answer: A GDPR website scanner analyzes your site for privacy compliance issues — from cookie consent banners and privacy policies to tracking scripts and security headers. With PrivacyChecker's free tool, you get a full compliance report in under 60 seconds.
Why You Need a GDPR Website Scanner
Since the GDPR came into force in May 2018, every organization processing personal data of EU residents must comply with strict data protection rules. This applies to every website owner — from solo entrepreneurs to multinationals.
Most websites unknowingly violate the GDPR. The most common issues include:
- Missing or broken cookie consent banners
- Incomplete or outdated privacy policies
- Tracking without consent (Google Analytics, Facebook Pixel)
- Missing SSL/TLS encryption (no HTTPS)
- External resources like Google Fonts loaded without consent
- No Data Protection Officer (DPO) contact listed
GDPR Fines: The Financial Risk
Data protection authorities across Europe are actively enforcing the GDPR. The potential penalties are significant:
| Violation | Maximum Fine | Example |
|---|---|---|
| Severe (Art. 83(5)) | €20M or 4% of annual revenue | No legal basis for data processing |
| Less severe (Art. 83(4)) | €10M or 2% of annual revenue | Missing technical measures |
| Google Fonts CDN (Munich ruling) | €100 per page view | IP transfer to Google without consent |
| Missing cookie banner | Up to €300,000 | CNIL/DPA enforcement actions |
What Does a GDPR Scanner Check?
A comprehensive GDPR website scanner analyzes your site across multiple categories:
1. Cookie Analysis
- Which cookies are set? (First-party, third-party)
- Are cookies set before consent is given?
- Are all cookies declared in the privacy policy?
- Do cookie lifetimes comply with guidelines (max. 13 months)?
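The cookie checks above can be sketched as follows. This is an added example, not PrivacyChecker's code: the host names, the `essential` allow-list and the 396-day approximation of 13 months are assumptions, and the input is a constructed capture of `Set-Cookie` headers from a page load with no banner interaction.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 396  # 13 months approximated as 365 + 31 days (assumption)

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def lifetime_days(attrs, now):
    """Max-Age takes precedence over Expires (RFC 6265); None means session cookie."""
    if re.fullmatch(r"-?\d+", attrs.get("max-age", "")):
        return int(attrs["max-age"]) / 86400
    if "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return (expires - now).total_seconds() / 86400
    return None

def audit_cookies(site, responses, now, essential=frozenset()):
    """responses: (responding host, Set-Cookie value) pairs seen before any consent click."""
    findings = []
    for host, header in responses:
        name, attrs = parse_set_cookie(header)
        # Simple suffix match; a real scanner would use the public suffix list.
        party = "first" if host == site or host.endswith("." + site) else "third"
        issues = []
        if name not in essential:  # hypothetical allow-list of strictly necessary cookies
            issues.append("set before consent")
        days = lifetime_days(attrs, now)
        if days is not None and days > MAX_LIFETIME_DAYS:
            issues.append("lifetime over 13 months")
        findings.append((name, party, issues))
    return findings

# Constructed capture of a first page load with no banner interaction.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("shop.example", "session=abc123; Path=/; HttpOnly; Secure"),
    ("shop.example", "analytics_id=GA1.2.1; Max-Age=63072000; Path=/"),
    ("tracker.example", "uid=42; Expires=Thu, 01 Jan 2026 00:00:00 GMT; SameSite=None; Secure"),
]
for row in audit_cookies("shop.example", SAMPLE, NOW, essential={"session"}):
    print(row)
```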
2. Consent Banner Check
- Is a cookie consent banner present?
- Does it offer a genuine reject option (not just "Accept")?
- Are dark patterns used (e.g., highlighted accept button)?
- Does the reject button actually work technically?
3. Privacy Policy
- Is a privacy policy present and complete?
- Does it contain all mandatory disclosures under Art. 13 GDPR?
- Is a Data Protection Officer listed?
- Are third-country transfer details up to date?
4. Security Check
- HTTPS/SSL: Is the connection encrypted?
- HSTS: Is HTTP Strict Transport Security enabled?
- Security Headers: Content-Security-Policy, X-Frame-Options, etc.
- SPF/DKIM/DMARC: Email authentication configured?
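The header and email-authentication checks in this list, run over a weak configuration beside a corrected one. This is an added example, not PrivacyChecker's code: the header sets and TXT records are constructed, the six-month HSTS minimum is an assumption, and DKIM is left out because checking it needs the sender's selector name.

```python
import re

MIN_HSTS_SECONDS = 15768000  # six months; the threshold is this example's assumption

def audit_security(headers, domain, txt):
    """headers: HTTPS response headers; txt: {DNS name: [TXT strings]} already looked up."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if not hsts:
        findings.append("HSTS missing")
    elif int(hsts.group(1)) < MIN_HSTS_SECONDS:
        findings.append("HSTS max-age too short")
    csp = h.get("content-security-policy", "").lower()
    if not csp:
        findings.append("Content-Security-Policy missing")
    # Framing is covered by X-Frame-Options or by the CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no framing protection")
    # A domain must publish exactly one SPF record; "+all" or bare "all" passes any sender.
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append("SPF missing or duplicated")
    elif re.search(r"(?:^|\s)\+?all(?:\s|$)", spf[0], re.I):
        findings.append("SPF ends in +all (any sender passes)")
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.upper().startswith("V=DMARC1")]
    policy = re.search(r";\s*p\s*=\s*(\w+)", dmarc[0], re.I) if dmarc else None
    if not policy:
        findings.append("DMARC missing")
    elif policy.group(1).lower() == "none":
        findings.append("DMARC p=none (monitoring only)")
    return findings

# Constructed inputs: a weak configuration beside a corrected one.
WEAK = audit_security(
    {"Strict-Transport-Security": "max-age=300", "X-Frame-Options": "ALLOWALL"},
    "shop.example",
    {"shop.example": ["v=spf1 include:_spf.mail.example +all"],
     "_dmarc.shop.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop.example"]},
)
HARDENED = audit_security(
    {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
     "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "shop.example",
    {"shop.example": ["v=spf1 include:_spf.mail.example -all"],
     "_dmarc.shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"]},
)
print(WEAK)
print(HARDENED)
```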
5. Trackers & External Services
- Which third-party trackers are embedded?
- Are Google Analytics, Facebook Pixel, or similar loaded before consent?
- Are Google Fonts loaded via CDN (IP transfer issue)?
- Are external resources loaded without consent?
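One way to list the external resources a page requests before consent, as an added example rather than PrivacyChecker's code. The HTML is constructed, the `KNOWN` map is a small illustrative sample, and treating `type="text/plain"` scripts as consent-gated is an assumption about how the site's consent tool blocks scripts.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN = {  # small illustrative map, not a complete tracker list
    "google-analytics.com": "Google Analytics",
    "googletagmanager.com": "Google Tag Manager",
    "connect.facebook.net": "Facebook Pixel",
    "fonts.googleapis.com": "Google Fonts CDN",
    "fonts.gstatic.com": "Google Fonts CDN",
}

class ResourceCollector(HTMLParser):
    """Collects hosts of resources the browser fetches while parsing the page."""
    def __init__(self, site):
        super().__init__()
        self.site, self.external = site, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("href") if tag == "link" else a.get("src")
        if tag not in ("script", "link", "img", "iframe") or not url:
            return
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        if tag == "script" and (a.get("type") or "").lower() == "text/plain":
            return  # assumed consent-gated: the browser does not fetch or run it
        host = (urlparse(url, scheme="https").hostname or "").lower()
        if host and host != self.site and not host.endswith("." + self.site):
            self.external.append(host)

def preconsent_findings(site, html):
    """Return (host, label) for each distinct external host, in document order."""
    collector = ResourceCollector(site)
    collector.feed(html)
    out = []
    for host in dict.fromkeys(collector.external):
        label = next((v for k, v in KNOWN.items() if host == k or host.endswith("." + k)),
                     "unclassified third party")
        out.append((host, label))
    return out

# Constructed page source as served before any banner interaction.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>
<script type="text/plain" data-category="marketing"
        src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="/js/app.js"></script>
<img src="https://cdn.partner.example/pixel.gif">
"""
print(preconsent_findings("shop.example", SAMPLE_HTML))
```

Static parsing only sees resources referenced in the served HTML; scripts that inject further requests at runtime need a headless browser capture.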
How to Run a GDPR Scan in 3 Steps
1. Enter your URL: Type your domain on privacychecker.pro
2. Automatic analysis: Our scanner checks up to 200 pages for GDPR violations
3. Get your report: Receive a detailed compliance score with actionable recommendations
Most Common GDPR Violations Found on Websites
| Rank | Violation | Frequency | Risk Level |
|---|---|---|---|
| 1 | Tracking without consent | 67% of websites | High |
| 2 | No proper cookie banner | 58% | High |
| 3 | Google Fonts via CDN | 43% | Medium |
| 4 | Incomplete privacy policy | 41% | Medium |
| 5 | Missing SSL encryption | 12% | Critical |
Free vs Pro GDPR Scanner
| Feature | Free | Pro | Pro+ |
|---|---|---|---|
| Pages scanned | 20 | 100 | 200 |
| Cookie analysis | Yes | Yes | Yes |
| Tracker detection | Yes | Yes | Yes |
| Security headers | Yes | Yes | Yes |
| Dark pattern detection | Limited | Full | Full |
| Domain risk analysis | — | Yes | Yes |
| Email security check | — | Yes | Yes |
| PDF export | — | Yes | Yes |
| Supply chain analysis | — | — | Yes |
| Fine risk estimate | — | — | Yes |
After the Scan: Priority Actions
Your GDPR scan results show exactly where action is needed. Prioritize fixes by risk level:
- Critical: Enable HTTPS, stop tracking without consent
- High: Fix cookie banner, complete privacy policy
- Medium: Self-host Google Fonts, configure security headers
- Low: Optimize cookie lifetimes, review meta tags
Frequently Asked Questions
How often should I run a GDPR scan?
At least quarterly or after any change to your website. New plugins, marketing tools, or CMS updates can silently introduce new trackers. With PrivacyChecker Pro, you can set up automatic monthly scans.
Does the GDPR apply to small businesses?
Yes. The GDPR applies to all organizations processing personal data of EU residents — regardless of company size. Even a sole trader with a simple website must comply with the GDPR.
What is the difference between GDPR and national privacy laws?
The GDPR is the EU-wide regulation that applies directly in all member states. National laws like Germany's BDSG or France's Loi Informatique et Libertés supplement the GDPR with country-specific rules — for example, Germany requires a Data Protection Officer when 20 or more employees regularly process personal data.