Problem: A site shows a prominent Accept All button and only a tiny Manage Preferences link, pre-ticks the analytics category, and fires Google Analytics (GA) before the visitor has made any choice.
Solution: Three critical violations: cookies set before consent, pre-ticked boxes, and unequal-weight buttons. Fix: block GA (and every other non-essential tag) until consent is recorded, remove the pre-ticked boxes, and add a Reject All button on the first layer that is as prominent as Accept All.
Result: Non-Compliant | 3 critical failures | HIGH fine risk
Example 2: B2B SaaS Assessment
Problem: A B2B platform uses only authentication cookies plus one analytics cookie. It shows no consent banner, arguing that a B2B exemption applies.
Solution: There is no B2B exemption: the rules attach to the visitor's device, not to the commercial relationship. The authentication cookie is strictly necessary and exempt; the analytics cookie requires consent. Options: remove analytics, or implement a minimal consent banner that keeps analytics off until the visitor opts in.
Result: Non-Compliant | Consent needed for analytics | Consider server-side or cookieless analytics (the exemption only holds if nothing is stored on or read from the visitor's device)
Example 3: Media Publisher Compliance
Problem: A news site sets 47 third-party cookies. The banner shows only Accept, with More Options buried in a second layer.
Solution: Add a Reject All control to the first layer, implement the IAB Transparency & Consent Framework (TCF 2.0) for the ad-tech vendors, and block all non-essential cookies until consent. Expect a 45-55% consent rate, compared with ~95% under the current dark patterns.
Result: Major gaps | Add Reject All | ~20% initial revenue impact
Frequently Asked Questions
What cookies require consent under GDPR?
All non-essential cookies require consent: analytics, marketing, advertising, and social-media plugins. Cookies strictly necessary to deliver the service the visitor asked for (session, authentication, security, load balancing) are exempt from consent but should still be disclosed in the cookie policy.
What makes cookie consent valid under GDPR?
Valid consent must be freely given, specific, informed, unambiguous, given by a clear affirmative action, and as easy to withdraw as it was to give. Pre-ticked boxes, continued browsing, and other forms of implied consent are not valid.
Do I need a cookie consent banner?
If you set any non-essential cookies and have EU/UK visitors, yes. If your site only uses strictly necessary cookies, you don't need a consent banner, but you should still publish a cookie policy that lists them.
How long does cookie consent last?
GDPR doesn't specify a duration, but regulators' guidance points to 6-12 months at most. After that period, ask again; also ask again whenever the purposes, vendors, or the cookie notice the visitor was shown change.
What records must I keep of consent?
Keep: who consented (a pseudonymous identifier is enough), when, the version of the notice they were shown, what they agreed to (per category or vendor), and how they were told they can withdraw. Consent management platforms (CMPs) typically store these records; if you roll your own, log them server-side and retain them for as long as you rely on the consent.
What are the fines for non-compliance?
GDPR: up to €20M or 4% of global annual turnover, whichever is higher. UK GDPR: up to £17.5M or 4%. CCPA: up to $7,500 per intentional violation.
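The fix in Example 1 (block GA until consent, no pre-ticked boxes, an equal-weight Reject All) and the FAQ points on valid consent, consent duration and record-keeping can all be expressed in one small consent gate. The following is an added example, not code from the original page or from any particular CMP: non-essential tags are queued and only executed once a fresh choice grants their category, every choice is recorded as a receipt, and a stored choice is ignored (banner shown again) once it is older than the TTL or was given against an older notice version. The category names, the 6-month TTL, the "notice-v1" version string and the "/privacy/preferences" withdrawal path are illustrative assumptions.

```javascript
// Added example (not from the original page): a minimal consent gate.
// Assumptions: category names, the 6-month TTL, the notice version string
// and the withdrawal path are illustrative, not taken from the page.

const NON_ESSENTIAL = ["analytics", "marketing"];
const CONSENT_TTL_MS = 180 * 24 * 60 * 60 * 1000; // assumption: 6 months

function noConsent() {
  // Default state: nothing decided yet, every non-essential category denied.
  const choices = {};
  for (const c of NON_ESSENTIAL) choices[c] = false;
  return { choices, decidedAt: null, noticeVersion: null };
}

class ConsentGate {
  constructor({ now = () => Date.now(), noticeVersion = "notice-v1" } = {}) {
    this.now = now;                 // injectable clock so expiry is testable
    this.noticeVersion = noticeVersion;
    this.state = noConsent();
    this.pending = [];              // tags waiting for a grant
    this.loaded = [];               // names of tags that have actually run
    this.receipts = [];             // who, when, what shown, what chosen, how to withdraw
  }

  // Register a tag without running it. In a browser `load` would inject the
  // <script> element for GA; the gate only decides whether it may run.
  registerTag(name, category, load) {
    if (category === "essential") { // strictly necessary: never gated
      load();
      this.loaded.push(name);
      return;
    }
    this.pending.push({ name, category, load });
    this.flush();
  }

  // A stored choice is honoured only while fresh and made against the
  // current notice; otherwise the banner must be shown again.
  needsBanner() {
    const s = this.state;
    return s.decidedAt === null
      || this.now() - s.decidedAt > CONSENT_TTL_MS
      || s.noticeVersion !== this.noticeVersion;
  }

  isGranted(category) {
    return !this.needsBanner() && this.state.choices[category] === true;
  }

  flush() {
    const stillWaiting = [];
    for (const tag of this.pending) {
      if (this.isGranted(tag.category)) {
        tag.load();
        this.loaded.push(tag.name);
      } else {
        stillWaiting.push(tag);
      }
    }
    this.pending = stillWaiting;
  }

  // First-layer actions with equal weight: one click each, nothing pre-selected.
  acceptAll(subjectId) {
    return this.save(subjectId, Object.fromEntries(NON_ESSENTIAL.map(c => [c, true])));
  }
  rejectAll(subjectId) {
    return this.save(subjectId, Object.fromEntries(NON_ESSENTIAL.map(c => [c, false])));
  }

  // Granular save: anything not explicitly true is treated as denied.
  save(subjectId, choices) {
    const normalised = {};
    for (const c of NON_ESSENTIAL) normalised[c] = choices[c] === true;
    const decidedAt = this.now();
    this.state = { choices: normalised, decidedAt, noticeVersion: this.noticeVersion };
    this.receipts.push({
      subjectId,                            // pseudonymous visitor id
      at: new Date(decidedAt).toISOString(),
      shown: this.noticeVersion,            // which notice text they saw
      choices: normalised,
      withdrawAt: "/privacy/preferences",   // assumption: where to withdraw
    });
    this.flush();
    return this.state;
  }

  // Withdrawal is as easy as consenting and is recorded like any other choice.
  // Tags already running cannot be unloaded; their cookies must be deleted separately.
  withdraw(subjectId) { return this.rejectAll(subjectId); }

  // Persist across page loads (e.g. first-party cookie or localStorage).
  serialize() { return JSON.stringify(this.state); }
  restore(json) { this.state = { ...noConsent(), ...JSON.parse(json) }; this.flush(); }
}

// Walk through Example 1's fix with a fake clock; returns what actually ran.
function demo() {
  let clock = 1700000000000;
  const gate = new ConsentGate({ now: () => clock, noticeVersion: "notice-v1" });
  const ran = [];
  gate.registerTag("session", "essential", () => ran.push("session"));
  gate.registerTag("ga4", "analytics", () => ran.push("ga4"));
  const beforeChoice = [...ran];                // GA must not appear here
  gate.rejectAll("visitor-42");
  const afterReject = [...ran];
  gate.save("visitor-42", { analytics: true }); // marketing stays denied
  const afterGrant = [...ran];
  const saved = gate.serialize();
  clock += CONSENT_TTL_MS + 1;                  // six months later, new page load
  const later = new ConsentGate({ now: () => clock, noticeVersion: "notice-v1" });
  later.restore(saved);
  return { beforeChoice, afterReject, afterGrant, expired: later.needsBanner(), receipts: gate.receipts.length };
}

console.log(demo());
```

The `now` parameter exists only so the expiry path can be exercised without waiting; in production the default `Date.now` is used and the serialized state is read back from first-party storage on every page load, so an expired or out-of-date choice simply falls through to the banner again.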
Background & Theory
The GDPR Cookie Consent Compliance Checker applies the following established principles and formulas.
Legal and compliance calculations form the quantitative backbone of risk management across every industry. Statute of limitations periods define the window within which legal action must be initiated; missing these deadlines extinguishes claims permanently regardless of their merit. Periods vary widely by jurisdiction and claim type: contract disputes typically allow 3-6 years, personal injury claims 2-3 years, and written contracts may allow up to 10 years in some states. Calculating expiry dates requires identifying the triggering event, applying the statutory period, and accounting for tolling provisions that pause the clock during minority, incapacity, or fraudulent concealment.
Employment law generates substantial calculation requirements. The Fair Labor Standards Act mandates overtime pay at 1.5 times the regular rate for hours worked beyond 40 in a workweek. Regular rate calculation is not simply the hourly wage; it must incorporate non-discretionary bonuses, shift differentials, and commissions, divided by total hours worked. Workers' compensation premiums are computed as payroll divided by 100, multiplied by the applicable class code rate, adjusted by an experience modification factor reflecting the employer's historical claims.
GDPR and similar data privacy regulations impose specific retention and deletion timelines. Personal data may not be kept longer than necessary for its original purpose, requiring organisations to maintain deletion schedules and document the legal basis for each data category. Regulatory filing deadlines in financial services, environmental compliance, and healthcare are typically expressed in business days, necessitating accurate weekday and holiday calendars.
Legal cost-benefit analysis quantifies litigation risk by multiplying potential damages by probability of adverse judgment, comparing expected loss against settlement or compliance investment. Liability insurance premiums reflect actuarial assessments of this expected loss, modified by coverage limits, deductibles, and risk management practices. Compliance programmes that demonstrably reduce violation probability directly reduce premium costs and regulatory exposure.
History
The history behind the GDPR Cookie Consent Compliance Checker traces back through the following developments.
The formalisation of legal obligations through written codes began with the Code of Hammurabi around 1754 BCE in ancient Babylon. Carved onto a basalt stele, it established 282 laws governing commerce, property, and personal conduct, notably applying proportional penalties based on social status. The principle that legal consequences follow determinable formulas rather than arbitrary judgment traces directly to this tradition.
Roman law provided the systematic framework that shaped Western legal systems. The Twelve Tables (450 BCE) codified customary law for public access, and the Corpus Juris Civilis compiled by Emperor Justinian in 529-534 CE synthesised centuries of legal development into an authoritative reference that influenced European jurisprudence for a millennium.
Magna Carta in 1215 established the revolutionary principle that even monarchs were subject to law, laying the groundwork for due process, proportional punishment, and the right to a fair hearing. English common law evolved through judicial decisions rather than codification, creating a precedent-based system that spread through British colonisation to become the legal foundation of the United States, Canada, Australia, and India.
The Napoleonic Code of 1804 revived the Roman codification tradition, systematising French civil law and inspiring legal reforms across continental Europe, Latin America, and parts of Africa. Its clear structure influenced how modern compliance regulations are drafted.
The New Deal era of the 1930s dramatically expanded the American regulatory state, creating agencies like the SEC and NLRB and greatly widening the FDA's authority, each with broad rulemaking power. This expansion made compliance a distinct professional discipline. The Sarbanes-Oxley Act of 2002, passed in response to the Enron and WorldCom scandals, institutionalised compliance functions within public companies by mandating internal controls, audit committees, and executive certification of financial statements. GDPR's application from May 2018 similarly professionalised data protection compliance globally, creating an entirely new category of compliance calculation centred on data lifecycle management.