The GDPR (General Data Protection Regulation) requires websites to protect visitor privacy. This checklist covers the technical aspects that InspectWP can detect.
External Services & Data Transfer
- Host Google Fonts locally instead of loading from Google servers
- Disable Gravatar or cache avatar images locally
- Self-host analytics (Matomo) or use a consent-based approach for Google Analytics
- Avoid loading Google Maps without consent
- Check all external resources — each one transfers visitor IP addresses to third parties
Cookie Consent
- Install a cookie consent plugin (Complianz, Real Cookie Banner)
- Block non-essential cookies before consent is given
- Provide granular cookie categories (Functional, Analytics, Marketing)
- Make rejecting as easy as accepting
- Allow users to revoke consent at any time
- Log consent records for documentation
Data Storage & Processing
- Disable comment author cookies or obtain consent
- Add privacy checkbox to comment forms
- Review localStorage and sessionStorage usage
- Ensure contact forms mention data processing
- Implement data retention policies
Legal Pages
- Privacy Policy page (required)
- Cookie Policy / Information (recommended)
- Imprint / Legal Notice (required in Germany, Austria)
Verify with InspectWP
InspectWP's GDPR section detects Gravatar usage, external Google Fonts, Google Analytics, Google Maps, Facebook tracking, and other external resources. Use it as a starting point for your GDPR audit.