Does your company’s website comply with the requirements of the EU General Data Protection Regulation (GDPR)? Does your privacy policy correctly indicate which personal data is processed on your website? Does your website need a cookie consent banner?

Get clarity with our data protection review of your company’s website! One of our legal specialists will check your website against all matters concerning data protection law.

Upon completion of the review, you will receive a comprehensive report. In the report, you’ll find amendments to your website as well as advice pertaining to the appropriateness of technologies or, for example, if consent is required.

If you wish, you can also receive a draft of legally compliant text for your privacy policy – you can add this option in your order.

Add to cart Excluding 19% tax

What's involved in assessing a website for legal compliance in data protection?


Website overview

First, we carry out an overview of your website. What are the functions? What tracking mechanisms process personal data? What plugins send personal data to third parties?

Process check

During the actual data protection review, we will analyse how you collect, store, and transmit personal data on your website. Upon completion of the review, we check if you inform your website visitors in a data protection compliant way, i.e. transparently and fully. We also check if you obtain the necessary consent and if the technical security of your website ensures an appropriate level of protection for the personal data collected.

Review report and recommendations

In the comprehensive review report, you will see our amendments, if applicable, and our concrete suggestions for making your website GDPR compliant.

Draft of the privacy policy

If you’ve added this option to your order, you will get a complete draft of the legal text of the privacy policy for your website. If applicable, we will consult you regarding questions on processors.

Frequently asked questions about website data protection review

Who should do the website data protection legal review?

Almost all websites process personal data in one way or another and therefore fall under the regulatory requirements of the GDPR. Whoever implements cookies, stores server logs, receives messages via contact or application forms, offers newsletter registration, or sets up tracking and analysis tools or third party technologies, must fulfil the requirements of the GDPR.

The following principles apply: The more personal data that is collected on your website, the more complex the data processing is, the more data that is transmitted to third parties (such as social networks) and the more sensitive the collected data is (such as health data), the more difficult it is to fulfil the GDPR requirements on information of data subjects as well as to implement the technical and organisational measures to protect data.

Why is a data protection compliant website so important?

It is often a challenge to design a data protection compliant website because several points must be considered. But it is quite easy for an experienced person to find violations of the GDPR requirements on a website. The risk of grievances by data subjects is accordingly high and thereby the accompanying risk or imposed fines by a regulatory authority.

What are the most important data protection requirements for websites?

One of the most important requirements of controllers is transparency in providing information to data subjects about the processing of their personal data and their rights as well as these processes (regarding the rights of the data subjects).

Website operators must inform website visitors about what data will be processed and the purpose. In addition, the website operator must clearly explain how website visitors can exercise their rights.

Another relevant data protection legal requirement is the legality of data processing (Art. 6 GDPR together with Art. 7 GDPR). Consent is required, if data processing is not justified by legitimate interests or contractual execution. In the case of websites, this includes cookie consent banners, in particular.

Further, a website operator must ensure the security of the data processing according to Art. 32 GDPR.

Service description of website data protection review

Please observe the following notes regarding the scope of services of our website review:

  1. The website review includes only the legal aspects of data protection . We will check for obvious personal data processing on the website and adapt them to the GDPR requirements. We will indicate the areas of non-compliance and how deviations from the requirements can be remedied. We will not check for legal compliance with laws other than the GDPR and if applicable, the UK Data Protection Act (DPA) 2018.
  2. The website review includes a website in English. A website is understood to be all available content under one domain in one language (e.g. If you would like to get an review of many websites under many domains or subdomains or in many languages please contact us so that we can prepare a customised proposal for you.
  3. The website review includes up to five analysis and tracking technologies (e.g. Google Analytics, pixel solution of social media, cookies, third party marketing plugins). If you have more than five analysis and tracking technologies, please contact us, so that we can prepare a customised proposal for you.
  4. The website review can end in the result that your website’s processing of personal data is (partially) not compliant with the GDPR. We will inform you if this is the case. Not included is our finding a solution to develop GDPR compliant data processes.
  5. The service has been rendered when a review report is submitted on the data protection legal evaluation of (1) the processing of personal data on the website, (2) the legality of the privacy policy and (3) the security of the data processing.
  6. The draft of the privacy policy is included in the service scope, if this option has been ordered. This can include editing and supplementing an existing privacy policy. Any type of technical implementation, such as the implementation of cookie opt out links, for example, is not included. Any changes to the draft beyond corrections and additions that are irrelevant to the law will result in the expiry of any liability.
  7. The service will be rendered typically within a maximum of 15 workdays after receipt of all necessary information. Should the work last longer, for example, due to high complexity of the website to be assessed, we will let you know immediately.