PrivacyProof · Compliance guide
GDPR + the cookie rules require a clear privacy policy, lawful opt-in for non-essential cookies, and a way for people to exercise their data rights. Check yours in 60 seconds.
This rule applies if you collect personal data from visitors in the EU or UK. Collect data from EU/UK visitors? Check your privacy policy, cookie consent, and data-rights handling. Not sure? The free checker tells you in about a minute — no signup.
In practice, PrivacyProof's checker looks at whether you can answer "yes" to each of these. Each one is a place sellers commonly get caught:
⚠️ Exposure: up to €20M or 4% of global turnover (Art. 83). Status: In force.
Statutory maximums are worst-case ceilings, not a prediction — but they're why this is worth ten minutes now.
If you serve EU/UK visitors and use any non-essential cookies (analytics, advertising), yes — they must load only after the visitor opts in, with a Reject option as easy as Accept.
What data you collect, why, the lawful basis, who you share it with, how long you keep it, international transfers, and how to exercise data rights — in plain language, available at collection.
Up to €20 million or 4% of global annual turnover, whichever is higher — plus regulator orders and reputational damage.
RuleGoose checks this against the EU GDPR (Reg. (EU) 2016/679), UK GDPR + ePrivacy/cookie rules. Read it yourself: EUR-Lex — Regulation (EU) 2016/679 →
or get one RuleGoose Score across every rule that applies to you.
Informational only, not legal advice, and not affiliated with the EU. Last reviewed 2026-06-28.