GDPR & Cookie Risk Scanner
Enter a URL. We detect 20+ common trackers, the major consent platforms, missing privacy and cookie policies, and flag what the EU regulators actually look for.
What we actually check
We fetch the page HTML once (no headless browser, no follow-on requests) and look for fingerprints of 20+ commonly-deployed trackers, the major consent management platforms, and links to your privacy, cookie, and terms pages. Trackers that require consent under GDPR are separated from essential ones like Stripe.js or privacy-friendly analytics such as Plausible.
Why a banner alone isn't enough
A common failure mode: install a banner but fire Google Analytics and Meta Pixel anyway on page load. That violates Article 6 because consent must be obtained before processing. Use Google Consent Mode v2 (or your CMP's equivalent) to actually gate the tags. The Dutch AP, CNIL, and Garante have all issued fines on exactly this failure in the last two years.
The honest limit of a public scan
A URL scan sees what an unauthenticated visitor sees. It cannot see your DPA stack, your data residency, your retention policies, or your DSR workflow. The iSystem platform supports compliance posture — but the operator still has obligations only a human can satisfy. We are explicit about that distinction.
Other diagnostics in the iSystem toolkit
- 3 minAI Automation Opportunity ScannerAnswer ten questions about your operation. Get a ranked roadmap with hours saved per month, a recommended stack, and an honest readiness score.
- 2 minWorkflow Automation ROI CalculatorCost out your repetitive work, model automation coverage, see payback in months — not a generic spreadsheet.
- 2 minAI Tool Stack RecommenderTell us your sector, team size, and monthly budget. Get three tiers — Starter, Growth, Automation — with monthly cost, setup time, and an honest sequence.
- 2 minAI Visibility Readiness CheckerAudit a page against the signals ChatGPT, Perplexity, and Google's AI Overviews use to decide who gets cited.
- 2 minCustomer Support Automation ReadinessShould you reach for a chatbot, an AI phone agent, or stay human-only? Get a readiness score, a recommended approach, and a realistic ROI estimate.
- 1 minMultilingual Review Response DrafterPaste a Google or Trustpilot review. Get a sober, locale-correct reply in EN, NL, or AR — drafted to be edited, not posted blindly.
- 1 minConversion & Lead-Magnet AuditAudit a landing page for the things that actually move conversion: CTA verbs, trust signals, lead magnets, contact options, AI-readiness — not generic SEO.
- 4 minNL ZZP Service Agreement GeneratorGenerate a Dutch ZZP service agreement with Wet DBA-aware clauses, 21% BTW language, live preview, and print-to-PDF — fully in your browser.
Frequently asked questions
Does a clean scan mean my site is GDPR compliant?
No — compliance also covers contracts (DPAs), data residency, retention policies, and DSR handling, which a URL scan can't see. This tool catches the most common public-facing failures: missing banners, missing policies, and trackers that fire pre-consent. It's the first 30%, not the whole picture.
I have a consent banner but you didn't detect it. Why?
We fingerprint the major CMPs (Cookiebot, OneTrust, CookieYes, Termly, iubenda, Osano, Quantcast) and the common cookie-consent scripts. Custom-built banners can slip through. Email the URL and we'll add the fingerprint — it makes the tool more useful for the next operator too.
We use Google Tag Manager — is GTM itself a problem?
GTM is the loader, not the tag — but the tags it deploys (GA4, Google Ads, Meta Pixel) almost always require consent. Wire GTM to your CMP using Consent Mode v2 so non-essential tags don't fire pre-consent.
What changed in EU enforcement recently?
Dutch AP, Belgian APD, French CNIL, and Italian Garante are all issuing fines for analytics that fire pre-consent or for missing Article 13 disclosures. The bar moved in the last two years; an audit from 2022 is not enough.
Tools we recommend
Hand-picked partners
These are partner links. We may earn a commission if you sign up — it doesn't cost you anything extra, and we only list tools we use in production.