UK GDPR compliance scanner
UK GDPR mirrors EU GDPR closely but is enforced independently by the ICO under its own guidance — including specific positions on cookie lifetime, consent validity, and GCM v2. Tag Leak audits the technical requirements the ICO actually checks for.
Free scan · No signup · Every scan covers all 6 major privacy regulations
Technical checks
These are scanner-detectable technical requirements. Regulatory compliance also requires legal review of your policies, contracts, and data processing activities.
PECR (Privacy and Electronic Communications Regulations) requires that cookies and trackers that are not strictly necessary fire only after the user actively accepts. Tag Leak scans your site in a real browser before any consent interaction and flags every violation by vendor, tag, and page.
The ICO's cookie consent guidance is explicit: Reject All must be as easy to access as Accept All. Pre-ticked boxes, confusing layering, and accept-on-scroll are invalid. Tag Leak tests whether your CMP actually blocks tracking before consent — not just whether a banner is visible.
The ICO position (aligned with CNIL guidance) treats tracking cookies with lifetimes exceeding 13 months as disproportionate. Tag Leak checks cookie expiry dates and flags any pre-consent cookies that exceed this threshold as a separate violation.
GCM v2 is required for compliant GA4 and Google Ads measurement when users are in the UK. Tag Leak checks all seven GCM v2 parameters and verifies that default consent states are 'denied' before consent is given — a common misconfiguration that results in unrestricted data collection.
If your CMP is IAB-registered, it must implement TCF v2.3 — enforcement began March 2026. Tag Leak verifies version compliance (v2.3 vs expired v2.2 vs outdated v2.0), validates the mandatory disclosedVendors segment, and audits consent status for all 11 IAB purposes.
UK GDPR Article 32 requires appropriate technical measures to protect personal data in transit and at rest. Tag Leak checks six security response headers — HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.
ICO enforcement actions look at the entire site, not just the homepage. Tag Leak discovers pages from your sitemap and scans up to 100 pages per scan. Pages where the consent banner is absent or ineffective are flagged individually.
Your UK GDPR result is presented as a 0–100 score with per-check pass/fail detail. Checks include: consent banner detected, pre-consent trackers absent, cookie lifetimes within 13 months, GCM v2 correctly configured, TCF v2.3 valid.
Note: UK GDPR and PECR compliance also requires a compliant Privacy Notice, lawful basis documentation for all processing activities, Data Protection Impact Assessments where required, and a mechanism for data subject requests. Tag Leak covers the technical layer — legal counsel should review the rest.
You do not need to select UK GDPR — every Tag Leak scan automatically audits all six major privacy regulations in one pass. Run a single scan and get scores for UK GDPR, GDPR, CCPA, LGPD, POPIA, and PDPA simultaneously.
Free scan. No signup. Results in 60 seconds.