/ Content Tools / GDPR Kit Fixes

How to Fix Every GDPR Kit Finding

The GDPR Kit scans your site, detects the cookies and trackers it actually uses, and generates the four documents you need: a privacy policy, cookie policy, consent banner and Article 30 data-processing record. This index covers each finding and how to put it right.

New here?
Start with the GDPR Kit Guide, or the GDPR Guide for what the law requires.
Not legal advice: the GDPR Kit produces strong starting documents tailored to your site, but compliance depends on your specific processing. Have a qualified person review before publishing if you handle sensitive data.

By finding type

๐Ÿช Missing or non-compliant consent banner
No banner, or one that doesn't actually block tracking until consent. The Kit generates self-contained banner code you deploy as the first element in your body.
๐Ÿšซ Trackers firing before consent
Analytics or marketing tags loading on page-load instead of after Accept. The single most common — and most penalised — GDPR failure.
๐Ÿ“„ Missing or outdated privacy / cookie policy
No policy, or a generic template listing trackers you don't use. The Kit documents only what's actually on your site.
๐Ÿ—‚๏ธ Missing Article 30 record (RoPA)
The internal record of processing activities you must produce on request. Generated for your documentation — not published.
  1. Run the GDPR Kit on your URL to generate the consent banner code tailored to your detected trackers.
  2. Paste the banner HTML as the first element inside your <body> tag, before any other scripts.
  3. Confirm it appears for new visitors and stores the choice in a cookie so it doesn't re-prompt every page.
  4. Ensure the banner offers a genuine reject option, not just "Accept" — consent must be freely given.

This is the failure regulators act on most. Tags must not run until the user accepts:

  1. Open your site in a fresh browser session with developer tools on the Network tab.
  2. Before clicking Accept, check whether GA4 or other analytics/marketing requests fire. If they do, that's the violation.
  3. In Google Tag Manager, create a trigger listening for the banner's consent_accepted event.
  4. Move every non-essential tag (analytics, advertising, heatmaps) to fire only on that trigger.
  5. Re-test: nothing non-essential should fire until after Accept.

Fix missing or outdated policies

  1. Create two pages: /privacy-policy and /cookies.
  2. Paste the Kit-generated content into each — it lists only the trackers actually detected on your site, which is more accurate and credible than a generic template.
  3. Link both from your site footer so they're reachable from every page.
  4. Re-generate after adding or removing any third-party tool so the policies stay current.

Fix a missing Article 30 record

Article 30 requires a Record of Processing Activities (RoPA). The Kit generates one pre-populated from your detected processing. Keep it in your internal documentation — you don't publish it, but you must be able to produce it on request from the ICO or your supervisory authority. Update it whenever your processing changes.

What our GDPR Kit produces

One scan detects your cookies and trackers, categorises them (essential, functional, analytics, marketing), and generates a privacy policy, cookie policy, consent banner and RoPA tailored to what your site actually uses. For deployment detail, see the GDPR Kit Guide.

๐Ÿ”’ Generate your compliance documents

One scan, four tailored documents — pay as you go, no subscription.

Generate GDPR Kit โ†’
Related Guides: GDPR Kit Guide  ยท  GDPR Guide  ยท  GDPR Kit Demo
๐Ÿ’ฌ Got a problem?