GDPR Privacy Compliance Audit
Audit third-party tracking and data collection on websites
GDPR requires transparency about data collection and third-party tracking. EdgeDNS helps identify analytics, tracking pixels, and third-party services that may require consent or disclosure.
The Challenge
Websites often include third-party scripts that collect personal data, sometimes without proper consent or disclosure. Privacy officers need visibility into what tracking technologies are present, but manual audits are time-consuming and quickly become outdated as marketing teams add new tools.
The Solution
Automatically audit websites to identify analytics platforms, tracking pixels, CDNs, and third-party integrations. Generate reports documenting data collection touchpoints to support privacy impact assessments and maintain accurate privacy policies.
Endpoints Used
Combine these EdgeDNS endpoints to build this solution.
/v1/domain/analyticsTry in PlaygroundAnalytics Detection: Identify Google Analytics, Mixpanel, and other tracking
/v1/domain/techTry in PlaygroundTechnology Detection: Comprehensive third-party service identification
/v1/security/headersTry in PlaygroundSecurity Headers: Check for privacy-related headers like Referrer-Policy
/v1/domain/metaTry in PlaygroundMeta Tags: Identify embedded tracking and social pixels
/v1/domain/cdnTry in PlaygroundCDN Detection: Identify content delivery networks processing requests
Results You Can Achieve
Complete tracking inventory
Document all data collection for privacy policies
Continuous compliance monitoring
Detect when new tracking is added without approval
Support DPIAs and audits
Evidence-based documentation for regulators
Code Example
GDPR privacy audit
async function privacyAudit(websiteUrl) {
const headers = { 'Authorization': 'Bearer YOUR_API_KEY' };
const domain = new URL(websiteUrl).hostname;
const [analytics, tech, secHeaders, meta, cdn] = await Promise.all([
fetch(`https://api.edgedns.dev/v1/domain/analytics?domain=${domain}`, { headers }),
fetch(`https://api.edgedns.dev/v1/domain/tech?domain=${domain}`, { headers }),
fetch(`https://api.edgedns.dev/v1/security/headers?url=${websiteUrl}`, { headers }),
fetch(`https://api.edgedns.dev/v1/domain/meta?url=${websiteUrl}`, { headers }),
fetch(`https://api.edgedns.dev/v1/domain/cdn?domain=${domain}`, { headers }),
].map(p => p.then(r => r.json())));
// Categorize findings
const dataCollectors = {
analytics: analytics.data.tools || [],
advertising: tech.data.technologies.filter(t => t.category === 'advertising'),
socialPixels: meta.data.social_pixels || [],
cdnProviders: cdn.data.providers || []
};
// Check for privacy-enhancing headers
const privacyHeaders = {
referrerPolicy: secHeaders.data.headers['referrer-policy'],
permissionsPolicy: secHeaders.data.headers['permissions-policy'],
hasPrivacyHeaders: Boolean(secHeaders.data.headers['referrer-policy'])
};
// Generate compliance report
return {
domain,
auditDate: new Date().toISOString(),
dataCollectors,
privacyHeaders,
requiresConsentBanner: dataCollectors.analytics.length > 0 ||
dataCollectors.advertising.length > 0,
thirdPartyCount: Object.values(dataCollectors).flat().length
};
}Learn More
Explore industry standards and best practices related to this use case.
Ready to build GDPR Privacy Compliance Audit?
Get started with 200 free API requests per month. No credit card required.