How do I check a website for GDPR content?

The EU General Data Protection Regulation (EU GDPR) came into force in May 2018 and contains rules on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This does not only affect websites, but we will only focus on websites here.

In short, it means that users of websites must agree to the use of certain services, as personal data (usually the IP address) is transferred and stored on the servers of third-party providers such as Google, Facebook, LinkedIn, etc.. Based on the IP address, that is identifiable through many corners, why it is considered as personal data. However, based on the behavior on the Internet, one can create an image of the user based on the IP address and play out targeted advertising based on this image. Who doesn't know them, the handbag or the barbecue that follows you for weeks on all platforms.

We'll show you a few ways to check your website for DSGVO compliance:

1. Browser Tool - Website Inspector
2. Browser Plugin "uBlock Origin"
3. Browser Plugin "Cookie Quick Manager"
4. Automated check with SYSSY

Modern browsers all offer the possibility to view and analyze the source code in a structured form. To do this, you have to right-click somewhere on the open website (preferably on the background) and select "Inspect" or simply press F12 on the keyboard. A window with the HTML source code will open either on the right or below.

You now have several options:

1. Search the source code with Ctrl + F for specific keywords. If you want to know if you are loading e.g. Google Fonts, search for "fonts.gstatic.com".
2. Click on the "Network" tab at the top of the Inspector and reload the page without cache using Ctrl + F5 (Windows) or Cmd + R (Mac). Then the area will fill with all server requests made by the page.
   
   There are now different procedures for different browsers:

• Firefox: You see the "Host" directly in the list - here you can see if you are loading content from a foreign URL. If "fonts.googleapis.com" and/or "fonts.gstatic.com" are listed under "Hosts", Google Fonts are integrated.
• Chrome: In the column "Url" you see all URLs from which something was loaded. If "fonts.googleapis.com" or another URL from Google is there, you should act
• Edge: You can now filter and show only "third-party" files.

Attention should generally be paid to whether any content is loaded from foreign URLs here and every single foreign source should be examined and questioned:

• What is it?
• Where does it come from?
• Do I need it?
• Can it cause problems from a GDPR perspective?

With the help of the browser plugin uBlock Origin for Firefox and uBlock Origin for Chrome, you can see at a glance which external URLs are loaded and whether Google Fonts or Google Analytics are included or not. The plugin is actually an AdBlocker, but beyond the AdBlocker function, it also offers a fairly clear list of externally loaded content.

Install the plugin in the browser, pin it in the toolbar and click on the icon after loading the pages. You can already see which URLs are called from the page or from which URLs content is loaded. Basically, every URL that is not your own is interesting here.

Examples of URLs to watch out for:

• fonts.gstatic.com
• googletagmanager.com
• google-anayltics.com
• analytics.google.com
• facebook.com
• and all URLS that are not your own

With the Cookie Quick Manager browser extension for Firefox or the Cookie Editor plugin for Chrome, you can view and manage all the cookies that are set for a domain. This is important because as a website owner you need to know which cookies are set for your website. Cookies set by third parties, such as Google, are subject to consent, so you should have a clear overview of what is set without consent, so that the website remains compliant with the GDPR.

If you have set up your website as a project at SYSSY, it will be checked daily for DSGVO compliance. We check whether a whole range of services are loaded on your website without active consent to the cookie banner.

Why does it have to be regular?

The regular check is very important, because a website usually does not have a static existence, but is a dynamic part of the Internet, so to speak "lives". Through CMS or plugin updates or the integration of services such as external forms, it can happen that things like Google Fonts suddenly reappear, even though you had already eliminated them. Experience has shown that there can also be a DSGVO problem, because customers copy and paste content from other websites and then a lot is taken - we have seen everything from foreign Facebook pixels to images and videos from other URLs - which is then not only a DSGVO problem, but also quickly becomes a licensing problem.

If you add a new service and there is a problem with the GDPR, SYSSY sends you a notification and you can take care of it!

More info about the GDPR Check.

Get website management support

Want help with website management?
SYSSY works for you in the background!

Register now for free