GDPR & CCPA Compliance Checklist

GDPR (General Data Protection Regulation) is the EU's data protection law that requires websites to obtain explicit consent before collecting personal data, provide clear privacy policies, enable user rights like data access and deletion, and implement appropriate security measures for data processing.

CCPA (California Consumer Privacy Act) gives California residents the right to know what personal data is collected, delete it, and opt out of its sale. Unlike GDPR which requires opt-in consent, CCPA primarily focuses on opt-out rights and applies to businesses meeting specific revenue or data volume thresholds.

Under GDPR, yes — you must obtain explicit consent before setting non-essential cookies. Under CCPA, you need a "Do Not Sell My Personal Information" link if you share data with third parties. Most websites serving EU or California users need some form of consent mechanism.

Non-compliance with GDPR can result in fines up to 20 million euros or 4% of annual global turnover, whichever is higher. Regulators can also issue warnings, reprimands, and orders to cease data processing. Beyond fines, non-compliance damages user trust and brand reputation.

Yes, completely free with no sign-up required. Answer 18 questions to get an instant compliance score, see which areas need attention, and share your results with your team.