Fixed scope · fixed price · about two weeks
The Cookie Compliance Audit
Most privacy enforcement starts at the cookie banner, and the evidence is public: anyone can load your site and watch tags fire before a visitor consents. This is a fixed-scope audit that finds those problems, measures them against the ePrivacy and GDPR standard, and hands you a prioritized fix list. It is the cleanest way to see how Privello works before a larger engagement.
The offer
One fixed price, one clear deliverable
No open-ended hours, no retainer to start. A defined audit at a fixed fee agreed in writing before work begins, a written report, and a fix list you own — whether or not you engage Privello for anything else.
Fixed fee, confirmed in writing before work begins.
What we check
Where consent actually breaks
Cookie compliance is rarely about the banner alone. It is about what the site does in the seconds before a visitor makes a choice.
Cookie & tracker inventory
A full scan of every cookie, pixel, and tag the site sets, first-party and third-party, categorised by purpose.
Tag-firing order
Whether analytics and advertising tags fire before consent is given — the single most common enforcement trigger.
Consent quality
Whether the banner meets the prior, informed, and freely-given standard, with refusal as easy as acceptance.
Withdrawal path
Whether a visitor can withdraw consent as easily as they gave it, as the rules require.
U.S. data export
Whether analytics or ad tools quietly send personal data to the U.S. without a transfer mechanism behind it.
Notice alignment
Whether your cookie notice and privacy notice actually describe what the site does, rather than a template.
What you receive
A report you can act on
At the end of the audit you get a single written report, in plain language, that a developer and a decision-maker can both read: an inventory of what the site sets, an assessment against the consent standard, the specific issues found, and a fix list ordered by risk. No jargon binder, no vague "consider reviewing your practices."
- Cookie and tracker inventory
- Consent-compliance assessment
- Issues found, with severity
- Prioritized remediation list
- BookConfirm the audit and share the site or sites in scope.
- ScanPrivello runs the technical scan and reviews the banner and notices.
- AssessFindings measured against the ePrivacy and GDPR consent standard.
- ReportYou receive the written report and prioritized fix list.
After the audit
Where it can lead
The audit stands on its own. Many companies simply act on the fix list. But it is also the natural first step into the wider program: from a cookie audit, to a full gap analysis, to representation where a market requires it, to an ongoing engagement. You decide how far to go, and there is no obligation to continue.
Common questions
Questions about the audit
Why start with cookies?
Because it is where enforcement most often starts and where the evidence is public. Anyone — a regulator, a competitor, an activist — can load your site and see whether tags fire before consent. A cookie audit is the fastest way to close the most visible exposure and to see how Privello works before a larger engagement.
What do you actually check?
Every cookie and tracker the site sets, the order in which tags fire relative to consent, whether the banner meets the prior, informed, freely-given standard, whether consent can be refused and withdrawn as easily as it is given, and whether analytics or advertising tools export personal data to the U.S. without a transfer mechanism.
How long does it take and what do we get?
About two weeks from the start of the engagement. You receive a written report: an inventory of cookies and trackers, a consent-compliance assessment, the specific issues found, and a prioritized fix list your team or ours can act on.
We already use a consent-management platform. Do we still need this?
Usually, yes. Most findings come from misconfigured CMPs rather than missing ones: tags hard-coded outside the CMP that fire regardless of consent, categories mapped incorrectly, or a banner design that fails the freely-given standard. The audit checks what the site actually does, not what the CMP dashboard says it does.
We have visitors in the EU, Switzerland, and Norway. Which standard applies?
All three, and they are not identical. The EU applies the ePrivacy consent rules read together with the GDPR; Switzerland takes its own transparency-based approach under the revFADP; Norway's ekomlov now requires GDPR-standard consent. The audit measures against the strictest rule that applies to your traffic, so one remediation works across all three markets.
What do you need from us to start?
Very little: the domains in scope and a contact who can answer questions about your tag setup if something is ambiguous. The scan itself runs against the public site — no access to your systems is required.
What happens after the audit?
That is up to you. Many companies act on the fix list themselves. Others ask Privello to implement the remediation, or use the audit as the first step into a wider market-entry program or an ongoing engagement. There is no obligation to continue.
Begin
Find out what your site is really doing
Book the audit and share the site in scope. In about two weeks you will know exactly where consent breaks and what to fix first.