
TECHNICAL AUDITS OF GDPR FOR WEB AND DIGITAL SYSTEMS
Technical GDPR audits for websites
- Frontend Audit (cookies, consent, and tracking)
- Backend / Processing Audit (forms and data flows)
- Technical Implementation (when applicable, no legal drafting)
Audits based on real-world evidence and observable system behavior.
For any digital business processing personal data in the EU.
Primary
- Businesses and startups
- SMEs and professional firms
Also applicable to
- Platforms, SaaS products, and WordPress websites
- Projects with users or traffic from the EU
Key principle
The sector doesn’t matter. How data is processed does.
A technical, independent, and risk-focused approach.
- We observe what the system actually does.
- We compare actual practice against policies and notices.
- We identify real (not theoretical) risks.
- We deliver clear reports to support next-step decisions.
The audit informs. Implementation is a separate phase.
The Approach
I am an independent consultant specialising in technical GDPR audits for websites and digital systems.
I have over five years of experience working with data, processes, and digital platforms, helping companies, startups, and professional firms understand how personal data is actually processed in their systems, beyond what policies or declared configurations suggest.
My work focuses on frontend and backend audits, data flow analysis, consent mechanisms, and technically observable risks. Audits are based on real-world evidence and verifiable system behavior.
I do not draft policies or legal documents, nor do I act as a legal representative or DPO. Where required, I work with legal partners or compliance leads, providing technical evidence and clear findings that support legal and organisational decision-making.
I work in both Spanish and English, with an independent, risk-focused approach aligned with the operational reality of each organisation.
Technical GDPR audits (Frontend & Backend)
Independent audits to analyse how personal data is processed across websites and digital systems. This includes cookies and consent, forms, data flows, and observable practices, with documented findings and a defined risk profile.
Website and cookie compliance (technical analysis)
Review of the website’s actual behavior: consent banners, scripts, tags, tracking, and analytics tools. Identification of GDPR / ePrivacy risks based on technical evidence. No legal policy drafting included.
Backend / Processing Audit
Analysis of what happens after data submission: collection, storage, access, sharing, and retention. Identification of gaps between actual practices and declared documentation.
Technical Support and Privacy by Design
Targeted technical support to clarify audit findings and evaluate systems from a Privacy by Design perspective. Coordination with internal teams or legal / DPO partners, without providing legal advice.
Why work with me
A technical and practical approach, not a bureaucratic one.
I analyse how systems and websites actually work from a GDPR perspective, without generic documentation or theoretical interpretations.
Hands-on experience with data, processes, and systems.
Over five years of experience working with data flows, digital tools, SaaS environments, and websites with EU traffic.
Audits based on observable evidence.
I identify risks based on the system’s actual behavior (cookies, forms, scripts, backend data flows), not just on what policies state.
Technical support for legal documentation (no drafting).
I provide technical analysis, findings, and evidence that form the basis for policies and documentation prepared by legal or DPO partners.
Privacy by Design from a technical perspective.
Review of configurations, access controls, permissions, and technical architecture to identify risks and support compliance decisions from a design perspective.
Designed for SMEs, startups, and professional firms.
A clear, independent, and flexible approach for organisations without an internal technical or compliance team.
