UK GDPR compliance scanner

UK GDPR and PECR: is your site meeting the ICO standard?

UK GDPR mirrors EU GDPR closely but is enforced independently by the ICO under its own guidance — including specific positions on cookie lifetime, consent validity, and GCM v2. Tag Leak audits the technical requirements the ICO actually checks for.

🇬🇧 UK GDPR · Enforced by ICO (Information Commissioner's Office) · Applies to: any site targeting or monitoring UK residents

Free scan · No signup · Every scan covers all 6 major privacy regulations

Technical checks

What Tag Leak audits for UK GDPR compliance

These are scanner-detectable technical requirements. Regulatory compliance also requires legal review of your policies, contracts, and data processing activities.

Pre-consent tracking — PECR requirement

PECR (Privacy and Electronic Communications Regulations) requires that cookies and trackers that are not strictly necessary fire only after the user actively accepts. Tag Leak captures every network request, cookie, and storage write before consent interaction and flags violations by vendor, endpoint, and timestamp.

Consent banner quality — ICO guidance

The ICO's cookie consent guidance is explicit: Reject All must be as easy to access as Accept All. Pre-ticked boxes, confusing layering, and accept-on-scroll are invalid. Tag Leak tests whether your CMP actually blocks tracking before consent — not just whether a banner is visible.

ICO 13-month cookie lifetime threshold

The ICO position (aligned with CNIL guidance) treats tracking cookies with lifetimes exceeding 13 months as disproportionate. Tag Leak checks the expiry date of every pre-consent cookie and flags any that exceed 396 days as a critical violation — separate from the firing issue.
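The lifetime check described above can be reproduced against captured `Set-Cookie` headers. The following is an added example, not Tag Leak's own code: the function names and sample headers are constructed for illustration, and it assumes the headers were captured before any consent interaction.

```javascript
const MAX_LIFETIME_DAYS = 396; // threshold stated on this page
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse one Set-Cookie header value into { name, lifetimeDays }.
// lifetimeDays is null for session cookies (no Max-Age or Expires attribute).
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  let maxAge = null, expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const value = i === -1 ? '' : attr.slice(i + 1).trim();
    const parsedDate = Date.parse(value);
    if (key === 'max-age' && /^-?\d+$/.test(value)) maxAge = Number(value);
    if (key === 'expires' && !Number.isNaN(parsedDate)) expires = parsedDate;
  }
  // RFC 6265: Max-Age takes precedence over Expires when both are present.
  let lifetimeMs = null;
  if (maxAge !== null) lifetimeMs = maxAge * 1000;
  else if (expires !== null) lifetimeMs = expires - now.getTime();
  return { name, lifetimeDays: lifetimeMs === null ? null : lifetimeMs / DAY_MS };
}

// Return the cookies whose lifetime exceeds the threshold, relative to `now`.
function findLongLivedCookies(headers, now) {
  return headers
    .map((h) => parseSetCookie(h, now))
    .filter((c) => c.lifetimeDays !== null && c.lifetimeDays > MAX_LIFETIME_DAYS)
    .map((c) => ({ name: c.name, lifetimeDays: Math.round(c.lifetimeDays) }));
}

// Constructed sample: headers as they might be captured before consent.
const NOW = new Date('2025-01-01T00:00:00Z');
const SAMPLE = [
  '_track=abc; Max-Age=63072000; Path=/; Secure',                 // 730 days
  'sid=xyz; Path=/; HttpOnly',                                    // session cookie
  '_ad=1; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/',         // 365 days
  '_old=2; Expires=Fri, 01 Jan 2027 00:00:00 GMT; Max-Age=86400', // Max-Age wins: 1 day
  '_pix=3; Expires=Fri, 01 Jan 2027 00:00:00 GMT',                // 730 days
];
console.log(findLongLivedCookies(SAMPLE, NOW));
```

Cookies written from script via `document.cookie` never appear in response headers, so a full audit also needs the browser's cookie jar, which this sketch does not read.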

Google Consent Mode v2 — required for UK Google Ads

GCM v2 is required for compliant GA4 and Google Ads measurement when users are in the UK. Tag Leak checks all seven GCM v2 parameters and verifies that default consent states are 'denied' before consent is given — a common misconfiguration that results in unrestricted data collection.

IAB TCF v2.2 — CMP verification

If your CMP is IAB-registered, it must implement TCF v2.2 correctly. Tag Leak calls __tcfapi directly and checks version (v2.2 vs outdated v2.0), event status, TC string presence, and consent status for all 11 IAB purposes.

Security headers — Article 32 technical measures

UK GDPR Article 32 requires appropriate technical measures to protect personal data in transit and at rest. Tag Leak checks six security response headers — HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.

Multi-page scanning — full site compliance picture

ICO enforcement actions look at the entire site, not just the homepage. Tag Leak discovers pages from your sitemap and scans up to 100 in parallel. Pages where the consent banner is absent or ineffective are flagged individually.

UK GDPR-specific compliance score

Your UK GDPR result is presented as a 0–100 score with per-check pass/fail detail. Checks include: consent banner detected, pre-consent trackers absent, cookie lifetimes within 13 months, GCM v2 correctly configured, TCF v2.2 valid.

Note: UK GDPR and PECR compliance also requires a compliant Privacy Notice, lawful basis documentation for all processing activities, Data Protection Impact Assessments where required, and a mechanism for data subject requests. Tag Leak covers the technical layer — legal counsel should review the rest.

Run once. Cover everything.

You do not need to select UK GDPR — every Tag Leak scan automatically audits all six major privacy regulations in one pass. Run a single scan and get scores for UK GDPR, GDPR, CCPA, LGPD, POPIA, and PDPA simultaneously.

See your UK GDPR compliance score now

Free scan. No signup. Results in 60 seconds.

Every Tag Leak scan also audits GDPR · UK GDPR · CCPA · LGPD · POPIA · PDPA automatically.