Compliance Scanner
Is your website UK compliant?
An automated audit covering UK GDPR, PECR cookie law and WCAG accessibility. A detailed PDF report with actionable recommendations, in under sixty seconds.
UK sites scanned: 107
Unique businesses: 31
Average runtime: ~60s
Sign-up required: No
Coverage
What we check
Every scan covers the three regulatory areas most likely to land a UK SME in trouble. Reports are written in plain English, not jargon.
- № 01 · UK GDPR
Privacy policy presence, lawful basis disclosures, data subject rights and contact details — all the things the ICO will ask about first.
- № 02 · PECR / Cookie Law
Consent banners, cookie categorisation, pre-ticked boxes, and tracker behaviour before consent is given. The most-fined area on UK websites.
- № 03 · WCAG Accessibility
Image alt text, heading structure, colour contrast, keyboard navigation and ARIA usage — the Equality Act 2010 implications most sites quietly ignore.
Why it matters
What it costs to get wrong
UK compliance enforcement is not theoretical. The Information Commissioner's Office issued more than fifty fines to small and medium businesses in the last reporting year, and disability discrimination claims against inaccessible websites are now being settled out of court for five-figure sums. The penalties are designed to hurt — and they do.
- UK GDPR fines
Up to £17.5 million or 4% of global turnover, whichever is higher, for the worst breaches. In practice the ICO targets SMEs with fines between £4,000 and £130,000 for missing privacy notices, poor data-subject-access response, or unsecured personal data. The fine is on top of the cost of fixing the issue and notifying everyone affected.
- PECR / cookie law
Up to £500,000 per infringement. PECR is the most actively enforced UK web regulation — the ICO has explicitly named it as their cookie-enforcement priority and has been writing directly to website owners with thirty-day deadlines to fix non-compliant consent banners. Pre-ticked boxes, "accept all" without an equally-weighted "reject all", and trackers firing before consent are all on the list.
- Equality Act 2010
No statutory cap, decided by tribunals. Recent UK cases have settled accessibility discrimination claims for £4,000 to £20,000 per claimant, and there is no registration step: anyone affected by an inaccessible website can bring a claim. EN 301 549 (the WCAG 2.2 AA-based standard) is what courts increasingly cite.
How it works
Sixty seconds
The scan opens your website in a headless browser, runs through every check defined in our UK compliance playbook, and writes a plain-English PDF report ranked by risk. No installation, no Chrome extension, no API key.
- № 01 · Paste your URL
Just your homepage URL; no sign-up is required for the first three scans of the month. The scan covers the whole front-end: cookie banner behaviour, privacy policy contents, accessibility surface, headers, and trackers.
- № 02 · Real-time results
You see each check execute live, pass or fail, with the evidence behind it. Nothing is buried in summary scores. Every finding shows the exact page element or HTTP response that caused it, with the relevant UK regulation cited.
- № 03 · PDF + verify badge
The full PDF report downloads instantly with prioritised remediation steps. If your score is good enough, you also get an embeddable verify badge that links back to a public permalink showing your current compliance posture, which is useful for tender documents and supplier questionnaires.
Sample report
What you actually get
Every scan produces a PDF with the structure below: a headline score, the check-by-check breakdown grouped by regulation, plain-English fixes per finding, and the relevant ICO or WCAG citation backing each one.
UK Compliance Report · sample · example-sme.co.uk
Overall score: 68/100
- Fail · Trackers fired before consent (PECR reg. 6)
Google Analytics, Hotjar and Meta Pixel all set cookies on page load, before the consent banner appeared. The ICO has fined three UK retailers for the same pattern in the last year.
Fix · Defer all third-party scripts behind a granular consent gate; only load after explicit opt-in
- Warn · "Reject all" not equally weighted (PECR / EDPB guidance)
The consent banner has a prominent green "Accept all" button and a text-only "Manage preferences" link. EDPB guidance requires equal visual weight for accept and reject options.
Fix · Add a primary-styled "Reject all" button alongside "Accept all"
- Fail · Privacy notice missing lawful basis (UK GDPR Art. 13)
The privacy policy lists what data is collected but does not specify the lawful basis (consent, contract, legitimate interest, etc.) for each processing purpose. This disclosure is required under Art. 13(1)(c).
Fix · Add a "Lawful basis" column to the data-processing table
- Warn · Insufficient colour contrast (WCAG 1.4.3)
Body text uses #9CA3AF on #FFFFFF — contrast ratio 2.85:1, below the 4.5:1 required for AA. Affects roughly 40% of the visible text.
Fix · Darken body text to at least #6B7280 for AA, #4B5563 for AAA
- Pass · DPO + ICO registration disclosed (UK GDPR Art. 13)
Data protection contact, postal address and ICO registration number all visible on the privacy page. Meets Art. 13 transparency requirements.
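The WCAG 1.4.3 finding in the sample report rests on the WCAG 2.x relative-luminance and contrast-ratio formulas. The following is an added example, not the scanner's own code, that implements that check and classifies the sample's flagged pair and its two suggested fixes against the AA (4.5:1) and AAA (7:1) thresholds for body text; the function and field names are the example's own.

```python
# Added example (not the scanner's own code): the WCAG 2.x contrast-ratio
# check behind a "WCAG 1.4.3" body-text finding, run on the sample's colours.
from __future__ import annotations

AA_NORMAL_TEXT = 4.5   # WCAG 1.4.3 minimum for normal-size text
AAA_NORMAL_TEXT = 7.0  # WCAG 1.4.6 enhanced contrast for normal-size text


def _channel_to_linear(value: int) -> float:
    """Undo the sRGB transfer curve for one 0-255 channel (WCAG definition)."""
    c = value / 255.0
    return c / 12.92 if c <= 0.03928 else ((c + 0.055) / 1.055) ** 2.4


def relative_luminance(hex_colour: str) -> float:
    """Relative luminance per WCAG from a '#RRGGBB' or '#RGB' string."""
    h = hex_colour.lstrip("#")
    if len(h) == 3:  # expand shorthand such as #fff
        h = "".join(ch * 2 for ch in h)
    if len(h) != 6:
        raise ValueError(f"not a #RRGGBB colour: {hex_colour!r}")
    r, g, b = (int(h[i:i + 2], 16) for i in (0, 2, 4))
    return (0.2126 * _channel_to_linear(r)
            + 0.7152 * _channel_to_linear(g)
            + 0.0722 * _channel_to_linear(b))


def contrast_ratio(foreground: str, background: str) -> float:
    """(L_lighter + 0.05) / (L_darker + 0.05); ranges from 1.0 to 21.0."""
    l1, l2 = relative_luminance(foreground), relative_luminance(background)
    lighter, darker = max(l1, l2), min(l1, l2)
    return (lighter + 0.05) / (darker + 0.05)


def check_body_text(foreground: str, background: str) -> dict:
    """Classify a colour pair the way a scanner finding would: status plus evidence."""
    ratio = contrast_ratio(foreground, background)
    if ratio >= AAA_NORMAL_TEXT:
        level = "AAA"
    elif ratio >= AA_NORMAL_TEXT:
        level = "AA"
    else:
        level = "fail"
    return {
        "foreground": foreground.upper(),
        "background": background.upper(),
        "ratio": round(ratio, 2),
        "level": level,
        "status": "Pass" if level != "fail" else "Warn",
    }


if __name__ == "__main__":
    # The flagged pair from the sample report and the two fixes it proposes.
    for fg in ("#9CA3AF", "#6B7280", "#4B5563"):
        print(check_body_text(fg, "#FFFFFF"))
```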
See a real one
We publish a verify permalink for every scan whose owner opts in. Open the tinysystems.io report below to see a real public audit (score, evidence, embeddable badge), and download the actual PDF the scanner produces.
FAQ
Common questions
What UK small business owners ask before running a compliance scan on their own site. None of these answers are legal advice — for that, talk to a solicitor or your DPO.
- Q1 · Does my small business need to comply with UK GDPR?
Yes — there is no SME exemption. If your business processes any personal data (customer emails, employee records, analytics cookies, contact forms), UK GDPR applies. The smallest one-person sole trader and a 250-employee SME are held to the same baseline standard, just scaled to the risk involved.
- Q2 · What is the difference between UK GDPR and PECR?
UK GDPR governs how you handle personal data. PECR (Privacy and Electronic Communications Regulations) governs how you can use cookies, send marketing emails, and make marketing calls. They overlap — most cookie banners must satisfy both — but PECR is the one with the active enforcement pipeline against websites right now.
- Q3 · Is this scanner really free?
Three free public scans per month, no registration. After that, a free account gives you private dashboard scans you can re-run as you fix things, plus the ability to publish a verify badge from your dashboard. There is no paid tier required for the compliance scanner itself.
- Q4 · Will the scan affect my website?
No. The scan loads your homepage the same way a normal visitor would, reads what is publicly visible, and does not submit forms, log in, or trigger any destructive action. It registers as a single page-view in your analytics — the same as any preview-link or social-share unfurl.
- Q5 · What does the PDF report contain?
An overall score, the same check-by-check breakdown you saw live, plain-English remediation steps per finding, and the relevant ICO guidance or WCAG criterion the check is based on. It is written to be readable by a non-technical SME owner and actionable by their developer.
- Q6 · How is this different from a paid compliance solution?
Paid consent management platforms add the consent banner itself, manage cookie categorisation continuously, and store consent records for audit. This scanner tells you whether your existing setup (whichever CMP, plugin or homegrown banner you use) actually meets UK requirements. Useful before you buy a CMP — and often the only thing a small business really needs.
Last word
Run the scan. Read the report.
Free, instant, and without registration. PDF download included.