EU Regulation 2016/679

GDPR Compliance.
Is your website compliant?

The General Data Protection Regulation requires every organisation processing EU personal data to implement appropriate technical and organisational measures (Art. 32) or face fines of up to €20M or 4% of global annual turnover, whichever is higher.

In force since May 25, 2018

Does the GDPR apply to you?

The GDPR applies to any organisation established in the EU, and to any organisation anywhere in the world that offers goods or services to people in the EU or monitors their behaviour (Art. 3). If you collect, store, or process personal data in any of these scenarios, you are in scope.

E-commerce: Controller
SaaS / Cloud: Processor
Healthcare: Controller
Marketing / Ads: Controller
Financial Services: Controller
HR / Recruitment: Controller
Education: Controller
Public Sector: Controller

The role shown is the typical one. It follows from who determines the purposes and means of each processing operation, not from the industry: a SaaS provider is a processor for the data its customers upload but a controller for its own account, billing and analytics data, and many organisations act in both roles.

The cost of non-compliance

Serious violations (Art. 83(5): unlawful processing, breach of data subject rights, unlawful international transfers): up to €20M or 4% of global annual turnover, whichever is higher.

Procedural violations (Art. 83(4): inadequate security, missing records of processing, no DPIA): up to €10M or 2% of global annual turnover, whichever is higher.

National DPAs have issued over €4.5 billion in GDPR fines since 2018.

What the GDPR requires — and what SiteGuardian monitors

The GDPR mandates appropriate technical and organisational measures to protect personal data. SiteGuardian continuously monitors the technical requirements.

Art. 5(1)(f)

Integrity and confidentiality

Monitored

SiteGuardian validates HTTPS enforcement, TLS configuration, security headers, and encryption in transit — ensuring personal data is protected against unauthorised access and accidental loss.

Art. 25

Data protection by design and by default

Monitored

SiteGuardian monitors Content Security Policy quality, cookie flags (Secure, HttpOnly, SameSite), security headers hardening, and default privacy-safe configurations across your web properties.

Art. 32

Security of processing

Monitored

SiteGuardian checks that TLS 1.2 or later is offered with forward-secret key exchange, validates cipher suite strength, checks HSTS deployment and preload readiness, monitors certificate validity, and detects deprecated protocols (SSLv3, TLS 1.0 and TLS 1.1).
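To make the Art. 25 and Art. 32 checks above concrete, here is an added example (not SiteGuardian's code) that audits one HTTP response's headers offline: HSTS max-age, includeSubDomains and preload (the three conditions the preload list requires), the script sources a Content-Security-Policy actually allows, and the Secure, HttpOnly and SameSite attributes on every Set-Cookie. The header names and directives are standard; the two sample responses are constructed for illustration, and the article label attached to each finding is this example's own mapping.

```python
"""Audit an HTTP response's security headers: HSTS, CSP and cookie flags.

Added example, not SiteGuardian code. Header names and directives are the
standard ones; the sample responses and the article labels are this
example's own."""
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (GDPR article, description)

# hstspreload.org requires max-age of at least one year plus the
# includeSubDomains and preload directives.
HSTS_PRELOAD_MIN_AGE = 31_536_000


def parse_directives(value: str) -> Dict[str, str]:
    """Split 'a=1; flag; b=2' (HSTS or Set-Cookie syntax) into a dict.
    Directive names are lower-cased; values keep their case."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip()
    return out


def check_hsts(value: Optional[str]) -> List[Finding]:
    """Encryption in transit: HSTS present, long-lived and preload-ready."""
    if value is None:
        return [("Art. 32", "no Strict-Transport-Security header; HTTPS is not enforced on return visits")]
    d = parse_directives(value)
    try:
        max_age = int(d.get("max-age", ""))
    except ValueError:
        return [("Art. 32", "HSTS max-age missing or malformed")]
    findings: List[Finding] = []
    if max_age < HSTS_PRELOAD_MIN_AGE:
        findings.append(("Art. 32", f"HSTS max-age={max_age} is below one year; not preload-ready"))
    if "includesubdomains" not in d:
        findings.append(("Art. 32", "HSTS lacks includeSubDomains; subdomains can still be downgraded"))
    if "preload" not in d:
        findings.append(("Art. 32", "HSTS lacks preload; browsers will not ship it in the preload list"))
    return findings


def check_csp(value: Optional[str]) -> List[Finding]:
    """Hardening by default: a CSP that actually constrains script execution."""
    if value is None:
        return [("Art. 25", "no Content-Security-Policy header")]
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    # script-src falls back to default-src when absent, as browsers do.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return [("Art. 25", "CSP has neither script-src nor default-src; scripts are unrestricted")]
    findings: List[Finding] = []
    has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in sources)
    # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash is present,
    # so it is only a finding when nothing stricter accompanies it.
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        findings.append(("Art. 25", "CSP allows 'unsafe-inline' scripts without nonces or hashes"))
    if "*" in sources:
        findings.append(("Art. 25", "CSP script sources include '*'"))
    return findings


def check_cookie(set_cookie: str) -> List[Finding]:
    """Privacy-safe defaults: Secure, HttpOnly and a restrictive SameSite on every cookie."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = parse_directives(set_cookie)
    findings: List[Finding] = []
    if "secure" not in attrs:
        findings.append(("Art. 25", f"cookie {name!r} lacks Secure and will be sent over plaintext HTTP"))
    if "httponly" not in attrs:
        findings.append(("Art. 25", f"cookie {name!r} lacks HttpOnly and is readable by injected script"))
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(("Art. 25", f"cookie {name!r} has no restrictive SameSite attribute"))
    return findings


def audit(headers: Dict[str, str], set_cookies: List[str]) -> List[Finding]:
    """Run every check over one response; header names match case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = check_hsts(h.get("strict-transport-security"))
    findings += check_csp(h.get("content-security-policy"))
    for cookie in set_cookies:
        findings += check_cookie(cookie)
    return findings


# Constructed sample responses, not captured from any real site.
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
}
WEAK_COOKIES = ["session=abc123; Path=/"]

HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'",
}
HARDENED_COOKIES = ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]

if __name__ == "__main__":
    for label, hdrs, cookies in (("weak", WEAK_HEADERS, WEAK_COOKIES),
                                 ("hardened", HARDENED_HEADERS, HARDENED_COOKIES)):
        results = audit(hdrs, cookies)
        print(f"{label}: {len(results)} finding(s)")
        for article, msg in results:
            print(f"  [{article}] {msg}")
```

Run against the constructed weak response the audit reports eight findings (three for HSTS, two for the CSP, three for the cookie); the hardened response reports none. A real scan would feed `audit()` the headers of a live response and, for the HTTPS-enforcement part of Art. 32, also follow the plaintext `http://` URL to confirm it redirects before any cookie is set.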

Art. 33

Notification of a personal data breach

Monitored

Art. 33 requires the controller to notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals. SiteGuardian detects security incidents in real time, starts a timer against that 72-hour deadline, classifies the likely regulatory impact, and generates pre-filled reports for your Data Protection Authority. Whether a given incident is a notifiable personal data breach remains a determination your organisation must make and document (Art. 33(5)).

Art. 35

Data protection impact assessment (DPIA)

DPIAs, required where processing is likely to result in a high risk to individuals, are questionnaire-based assessments that require organisational input on data flows, risk evaluation, and mitigation measures. This is a process-driven requirement beyond automated monitoring.

Art. 37

Designation of a Data Protection Officer

Appointing a DPO is an organisational requirement under Art. 37(1) for public authorities, for organisations whose core activities involve regular and systematic monitoring of data subjects on a large scale, and for those whose core activities involve large-scale processing of special categories of data or data relating to criminal convictions.

Art. 44–49

International data transfers

Monitored

SiteGuardian analyses the data residency of third-party services, detects hosting in third countries without an adequacy decision (Art. 45), and tracks pre-consent data transfers via CDNs, analytics, and font services, flagging potential Chapter V violations. A transfer to such a country is lawful only with appropriate safeguards such as standard contractual clauses (Art. 46), which a scanner cannot see, so each flagged transfer needs to be checked against your transfer documentation.

Art. 30

Records of processing activities

SiteGuardian provides document generators and audit trail exports that support your records of processing. However, maintaining complete records requires manual input about purposes, legal bases, and retention periods.

Check your GDPR compliance posture

Scan your website to see where you stand. SiteGuardian maps every finding to GDPR articles — so you know exactly what to fix.

Free forever for 1 monitor. No credit card required.

Frequently asked questions

What is the GDPR?
The General Data Protection Regulation (GDPR, Regulation 2016/679) is the EU's comprehensive data protection law that governs how organisations collect, store, process, and transfer personal data of individuals in the European Union. It has been in force since May 25, 2018, and applies to any organisation worldwide that processes EU personal data.
Who must comply with the GDPR?
Any organisation that processes personal data of people in the EU must comply, regardless of where the organisation is based, if it is established in the EU, offers goods or services to people in the EU, or monitors their behaviour. This includes data controllers (who determine the purpose and means of processing) and data processors (who process data on behalf of controllers). It applies to businesses of all sizes, from sole traders to multinational corporations.
What are the fines for GDPR violations?
The GDPR has a two-tier penalty structure. Serious violations such as unlawful processing or breach of data subject rights carry fines up to €20 million or 4% of global annual turnover, whichever is higher. Procedural violations such as inadequate security measures or failure to maintain records carry fines up to €10 million or 2% of global annual turnover.
What does SiteGuardian check for GDPR compliance?
SiteGuardian continuously monitors the technical measures required by GDPR: HTTPS/TLS encryption and configuration, security headers (CSP, HSTS, X-Frame-Options), cookie security flags, cipher suite strength and forward secrecy, third-party data residency analysis, pre-consent data transfer detection for CDNs, analytics and fonts, and certificate validity monitoring.
How does SiteGuardian help with GDPR breach notification?
When SiteGuardian detects a security incident, it classifies the likely regulatory impact under GDPR, starts a timer against the 72-hour deadline that Art. 33 counts from the moment you become aware of a personal data breach, and generates pre-filled reports for your Data Protection Authority (DPA). This helps you meet the deadline and document your response, as Art. 33(5) requires, for compliance evidence. Deciding whether an incident is a notifiable personal data breach remains your organisation's responsibility.