Free Tool

Cookie Consent Audit

Check whether your cookie banner meets UK PECR requirements. GDPR Radar tests four specific failure points that the ICO looks for — all automated, all free.

Run a free cookie consent audit →
What we check

Four tests. Real results.

Cookie consent failures are among the most visible PECR issues for websites. These four checks cover the cookie consent issues most commonly raised in ICO guidance.

Cookie banner presence

Checks whether a consent mechanism exists at all. Absence of any banner — on a site that runs analytics or advertising cookies — is an automatic failure under PECR Regulation 6.

Consent before load

Detects whether Google Analytics, Meta Pixel, or other tracking scripts fire on page load before the user has interacted with the consent mechanism. This is the single most common PECR violation on UK business sites.

Opt-out mechanism

Checks whether a genuine refusal option exists. Banners that offer only "Accept" or bury the reject option two clicks deep do not satisfy the freely-given requirement. The ICO is explicit: refusing cookies must be as easy as accepting them.

Cookie categorisation

The ICO requires cookies to be named or described by verified category in your consent interface. "We use cookies to improve your experience" is not sufficient. Each category — analytics, advertising, functional — must be disclosed separately.

Why it matters

Two separate penalty regimes

£500k
ICO maximum fine under PECR for unlawful cookie practices
£17.5m
UK GDPR maximum fine where the same processing also breaches UK GDPR

PECR and UK GDPR fines are issued under separate instruments. A single cookie-consent failure — for example, running advertising retargeting without any opt-in mechanism — can attract enforcement under both simultaneously. Royal Mail's £5.6m fine in 2024 arose from unlawful direct marketing, specifically unsolicited marketing emails and SMS messages — not cookie consent. In practice, the ICO applies the most relevant penalty regime to a given set of facts — dual fines on the same conduct for a typical website are theoretical rather than routine.

Does your cookie banner actually work?

Most sites believe their consent banner is compliant. GDPR Radar checks the specific technical reality — what scripts fire, and when.

Run a free cookie consent audit →