Scanned 200+ SMB websites for GDPR issues — here are the 5 failures I see on almost every site
I’ve been running automated compliance scans on European SMB sites for the past few months. Same problems come up constantly:
1. Google Analytics/Ads firing before consent — the single most common issue, on ~70% of sites
2. Cookie banners that set non-essential cookies even when you click “reject”
3. No Consent Mode v2 despite running Google Ads (which now breaks conversion tracking too)
4. Privacy policies that name tools the site doesn’t use anymore, and miss ones it does
5. Email/PII leaking into URL parameters passed to third parties
Happy to answer questions about how to check any of these on your own site.