Free UK GDPR & website-compliance check

UK SMEs face the same compliance demands as large corporations. A website compliant with UK GDPR and PECR, a cookie banner that actually works, a privacy policy that reflects how you really process data. The difference is budget.

A GDPR audit from a law firm costs £2,000–£12,000. A paid CMP starts around £10 per month and scales up fast once traffic exceeds 50,000 visits. For a bakery website, a dentist's practice page, or a small online shop with 20 products, that's disproportionate.

The tools on this page cover the most common checks. They don't replace legal advice. They tell you what's broken and how to fix it, in language your web developer can understand.

Each tool targets a specific point that regulators sanction. The ICO's November 2023 review of the UK's top 100 websites put dozens of operators on notice for non-compliant cookie banners under PECR, with public follow-ups continuing into 2024 and 2025. The same flaws exist, on a smaller scale, across thousands of UK SME websites.

The cookie checker loads your page in a clean browser and checks which cookies are set before any click. If Google Analytics fires on page load, that's a problem. The security headers checker reads your HTTP responses and verifies the presence of CSP, HSTS, X-Content-Type-Options and others. Missing these headers isn't a direct UK GDPR violation, but it weakens your position under Article 32 UK GDPR (appropriate technical measures).

The privacy policy generator produces a document that matches your actual situation: with the right processors, purposes, and retention periods. It's not a copy-paste of a generic template.

Free tools answer one question at a time. Does your cookie banner respect refusal? Are your headers configured? Does your privacy policy cover the requirements of Articles 13 and 14 UK GDPR?

The full scan answers a broader question: is this site ready for an ICO inspection? It covers 7 categories in one pass, produces a shareable report for your web developer, and costs €2.50 for the full report.

For sites with fewer than ten pages and no e-commerce, free tools often suffice. For e-commerce, medical, legal, or any site processing sensitive data, the full scan is worth every cent.

For a first diagnosis, start with the free 60-second scan before moving to individual tools.

Are the free tools really free?

Yes. No signup, no credit card, no 7-day trial. You enter a URL, you get a result. The €2.50 full report is optional and only unlocks the full report from the main scan, not these tools.

Are they suitable for UK sites?

Yes. UK GDPR mirrors EU GDPR in most respects, and PECR adds UK-specific cookie rules. The ICO publishes detailed guidance on cookies and consent that our tools align with.

Can I use these tools to audit a client's site?

Yes. Many web designers, SEO consultants, and agencies use them before delivering a site. If you audit multiple sites per week, the Pro report becomes useful.

Are results legal proof?

No. This is technical analysis. It shows what an automated crawler sees, similar to how an ICO inspector first checks a site's public behaviour. For formal proof, a solicitor or specialist firm is needed.

Is my test data stored?

No. We only scan public pages, like any visitor. We don't store scanned URLs beyond the time needed to display the result.