GDPR & DPDP Compliance Checker — Is Your Website Legal?

Privacy regulators in the EU, California, and India are actively fining non-compliant websites. AuditAI checks the most critical compliance signals on your site — free, in seconds.


What We Check

Five compliance signals that cover the most commonly cited violations by EU, California, and Indian regulators.

Cookie Consent Banner (GDPR, DPDP)

A visible banner must appear before any non-essential cookies are set. Pre-ticking boxes or using dark patterns (confusingly labelled buttons) is not compliant.

Privacy Policy Link (GDPR, CCPA, DPDP)

A privacy policy must be visible and accessible — typically in the footer. It must explain what data you collect, why, and how users can request deletion.

HTTPS Encryption (GDPR, DPDP)

Any site that collects personal data must transmit it over HTTPS. HTTP-only sites are a technical GDPR violation if any personal data (including IP addresses via analytics) is collected.

Third-party Script Loading (GDPR)

Analytics, ad pixels, and chat widgets must not load before the user gives consent. Loading Google Analytics before consent is a common violation that has resulted in fines.

Data Exposure Risks (all regulations)

Exposed .env files, database backups, or error pages that reveal user data are serious violations under all privacy laws, not just GDPR.
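The first four signals above can be approximated from a page's URL and HTML source alone (the fifth, data exposure, needs live probing of the server and is not covered). The following is an added illustration, not AuditAI's scanner: the tracker host list, the use of type="text/plain" as the marker for a consent-gated script (a convention several consent managers follow), and the sample HTML are all assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Hypothetical tracker list for illustration; a real scanner would use a maintained blocklist.
TRACKER_HOSTS = ("google-analytics.com", "googletagmanager.com", "connect.facebook.net")

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts, self.links, self.consent_ui = [], [], False
        self._a_href = None                      # href of the <a> currently open, if any
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], (a.get("type") or "").lower()))
        elif tag == "a" and a.get("href"):
            self._a_href = a["href"]
        marker = ((a.get("id") or "") + " " + (a.get("class") or "")).lower()
        if "cookie" in marker or "consent" in marker:
            self.consent_ui = True               # something that looks like a consent banner
    def handle_data(self, data):
        if self._a_href is not None:
            self.links.append((self._a_href.lower(), data.strip().lower()))
    def handle_endtag(self, tag):
        if tag == "a":
            self._a_href = None

def audit_page(url, html):
    """Return {signal: [findings]}; an empty list means that signal passed."""
    c = _Collector()
    c.feed(html)
    findings = {"https": [], "privacy_policy": [], "consent_banner": [], "third_party_scripts": []}
    if urlparse(url).scheme != "https":
        findings["https"].append(f"page served over {urlparse(url).scheme}, not https")
    if not any("privacy" in href or "privacy" in text for href, text in c.links):
        findings["privacy_policy"].append("no link whose href or text mentions 'privacy'")
    if not c.consent_ui:
        findings["consent_banner"].append("no element with 'cookie' or 'consent' in its id/class")
    for src, typ in c.scripts:
        host = urlparse(src).netloc.lower()      # empty for same-origin relative paths
        # Assumed convention: type="text/plain" holds a script back until consent; anything else
        # pointing at a tracker host executes as soon as the page loads.
        if host.endswith(TRACKER_HOSTS) and typ != "text/plain":
            findings["third_party_scripts"].append(f"{host} executes on load, before consent")
    return findings

# Constructed sample: banner and privacy link present, GTM loads ungated, Facebook pixel gated.
SAMPLE_HTML = """<div id="cookie-banner">We use cookies. <button>Accept</button></div>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script type="text/plain" src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="/static/app.js"></script>
<footer><a href="/legal/privacy">Privacy Policy</a></footer>"""
```

Running `audit_page("http://example.com/", SAMPLE_HTML)` flags the plain-HTTP scheme and the ungated Google Tag Manager script while passing the banner and privacy-link checks; the gated Facebook script and the same-origin script are not reported.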

GDPR vs CCPA vs DPDP India — Explained

Three major privacy laws. Different regions, different rules, but one shared principle: users deserve control over their data.

Regulation | Region | Consent Model | Max Fine | Key Requirement
-----------|--------|---------------|----------|----------------
GDPR | European Union | Opt-in | €20M or 4% of global revenue | Explicit consent before any data processing
CCPA | California, USA | Opt-out | $7,500 per intentional violation | "Do Not Sell My Data" link for California residents
DPDP | India | Opt-in | ₹250 crore (~$30M USD) | Consent notice in user's language, data fiduciary obligations

Penalties for Non-Compliance Are Real

The EU has issued over €4 billion in GDPR fines since 2018. While the largest fines target tech giants, small businesses and SaaS startups have also been fined for basic violations like missing consent banners or loading Google Analytics without consent.

In India, the DPDP Act 2023 came into full effect and its enforcement body (Data Protection Board) is actively investigating complaints. Indian SaaS founders who collect user data — even only from Indian users — must comply.

The most common violations that result in fines are also the easiest to fix: adding a proper consent banner, linking to a privacy policy, and ensuring HTTPS is enforced. AuditAI checks all three in a single scan.

€746M: WhatsApp, unlawful data processing (GDPR)
€405M: Instagram, children's data misuse (GDPR)
$1.2M: Sephora, CCPA opt-out violation

Frequently Asked Questions

Does GDPR apply to my Indian startup?

Yes. If any EU residents visit your website and you collect their data (including via cookies or analytics), GDPR applies regardless of where your business is located. India also now has its own DPDP Act 2023 with similar obligations.

What does AuditAI check for GDPR compliance?

We check for a cookie consent banner or notice, a visible link to a privacy policy, HTTPS enforcement (required for secure data transmission), and signs of data exposure. We also check whether third-party scripts are loaded before consent.

What is the DPDP Act (India)?

The Digital Personal Data Protection Act 2023 is India's federal data privacy law. It requires businesses to obtain explicit consent before collecting personal data, maintain a privacy policy in accessible language, and allow users to request data deletion. Fines can reach ₹250 crore (~$30M USD).

Can this tool guarantee I am fully GDPR compliant?

No. AuditAI performs a technical surface scan — it checks publicly visible signals like consent banners and privacy policy links. Full GDPR compliance also requires internal processes, data processing agreements with vendors, and proper data retention policies. For legal certainty, consult a data protection lawyer.

What's the difference between GDPR and CCPA?

GDPR (EU) requires opt-in consent before processing personal data. CCPA (California) operates on an opt-out model — you can process data by default but must allow users to opt out of sale. GDPR has stricter standards, so building for GDPR compliance usually means CCPA compliance is mostly covered.

Check your compliance now

Free scan. No account needed. Results in 30 seconds.
