About TickGDPR — An Independent GDPR Audit Practice

Bringing clarity to website GDPR compliance through independent audits.

Solicitar Consultar

About TickGDPR

Independent. Practical. Evidence-based.

TickGDPR helps organizations understand how their websites actually handle personal data — and where GDPR and ePrivacy risks may exist.

We focus on clarity, not fear.
Our work is based on observable behaviour, not assumptions or templates.

What we do

TickGDPR provides independent GDPR audits for websites, covering:

  • cookies, consent, and tracking behaviour
  • forms, data flows, and backend processing
  • transparency and accountability risks
  • documentation consistency (what is stated vs what happens)

Our audits are designed to give decision-makers a clear, factual picture of their current position, so they can decide what to do next — and what not to overreact to.

What makes our approach different

Evidence before opinion

We review what a website actually does, as experienced by users and systems, rather than relying solely on policies or declared intentions.

Independence by design

Audit and implementation are kept separate.
This ensures objectivity and avoids conflicts of interest.

Plain language

Findings are explained clearly, without legal or technical jargon, so they can be understood by business owners, managers, and non-specialists.

Practical scope

We focus on website-related processing — where many GDPR risks originate and where confusion is most common.o.

How we work

Our role is to observe, document, and explain.

We:

  • identify potential compliance gaps
  • classify findings by relative risk
  • provide context and evidence

We do not:

  • implement technical changes as part of an audit
  • draft legal documents or contracts
  • act as legal representatives
  • certify GDPR compliance

This separation allows clients to engage developers, lawyers, or internal teams of their choosing, using the audit findings as a factual basis.

We review what a website actually does, as experienced by users and systems, rather than relying solely on policies or declared intentions.

TickGDPR audits are designed to work alongside existing advisors.

Where required:

  • developers can use the findings to implement changes
  • legal professionals can use the findings to review or update documentation

Each party retains responsibility for their own work.

Who we work with

We typically work with:

  • small and medium-sized organizations
  • professional services (clinics, consultancies, law firms)
  • agencies managing client websites
  • organizations preparing for broader GDPR reviews

Our focus is on practical risk visibility, not checkbox compliance.

About the practice

TickGDPR was created to address a common gap:
many organizations have policies and tools in place, but limited visibility into how their websites actually behave.

By focusing on real-world website behaviour and clear reporting, we help organisations move from uncertainty to informed decision-making.