What is a GDPR compliance audit?

A GDPR compliance audit is a systematic review of how your organization processes personal data, assessing compliance with GDPR requirements including Article 32 security measures, data subject rights, consent management, and data processing agreements.

How much does a security audit cost?

Our security audits start with a free initial assessment. Comprehensive GDPR compliance audits and penetration testing packages are priced based on scope, infrastructure size, and complexity. Contact us for a customized quote.

What is the GDPR fine for non-compliance?

GDPR fines can reach up to 4% of annual global turnover or €20 million, whichever is higher. Our compliance audits help identify and fix gaps before regulators do, protecting your business from these substantial penalties.

How long does a GDPR compliance audit take?

A standard GDPR compliance audit takes 2-4 weeks depending on the size and complexity of your organization. We provide a detailed report with findings, risk ratings, and remediation steps.

Do you offer ongoing security monitoring?

Yes, we provide 24/7 continuous security monitoring with real-time alerts for threats, vulnerabilities, and compliance drift. Our monitoring platform scans your infrastructure continuously and notifies you immediately of any issues.

← Back to Blog

privacy8 min read·April 18, 2026

Cookie Consent Best Practices for Modern Websites

DSL

Dr. Sophie Laurent

Head of Data Protection

/The Consent Gate

Under the ePrivacy Directive and GDPR, you must obtain explicit consent before storing or accessing non-essential cookies on a user's device. This means no third-party analytics, marketing pixels, or tracking scripts should load before the user has given clear, informed consent.

⚠Pre-loading trackers before consent is obtained is one of the most common GDPR violations and an instant compliance fail during audits.

/Implementation Requirements

Block all non-essential cookies until explicit consent is given
Provide granular controls (analytical, marketing, necessary categories)
Make rejection as easy as acceptance (no dark patterns)
Display consent banner on first visit, not after a delay
Store consent preferences and respect them on return visits
Provide a persistent link to modify consent settings

/Google Analytics Compliance

Using Google Analytics requires special attention. Set default consent to "denied" using gtag consent mode, only activate analytics storage after user opt-in, and implement server-side anonymization of IP addresses.

javascript

// Correct: Set default consent BEFORE loading GA
gtag('consent', 'default', {
  'analytics_storage': 'denied',
  'ad_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied'
});

// Only update after explicit user consent
function onConsentGranted() {
  gtag('consent', 'update', {
    'analytics_storage': 'granted'
  });
}

Our scanner checks your website for cookie consent compliance including pre-consent loading, banner visibility, opt-out mechanisms, and consent storage. Run a free scan to identify gaps.

CookiesConsentGDPRePrivacyTracking

Get Your Free Audit