The EDPB Support Pool of Experts (SPE) has developed a website auditing tool that is well suited for companies to use. With it, a company can check whether its website meets the requirements of the GDPR.
European Data Protection Board (EDPB)
The European Data Protection Board (EDPB) is an independent European body. Its purpose is to ensure that the GDPR and other EU data protection laws are applied consistently by the member states of the Union and throughout Europe. Among other things, the EDPB provides general guidance on data protection, promotes cooperation between Member States’ data protection authorities and advises the European Commission.
EDPB Support Pool of Experts (SPE) has developed a tool for auditing websites
The EDPB Support Pool of Experts (SPE) created the tool because the tools that already exist often require technical knowledge, which many people do not have. This tool is meant to be easy to use. It was presented in 2023 at the first EDPB bootcamp. The participants gave positive feedback, and the decision was then made to go ahead with launching the tool. The software is completely free to download and use.
With this tool, companies that are controllers or processors can analyse their websites to see whether they comply with the GDPR. Regulators can also use it during inspections to check whether companies, organisations and public bodies comply with the GDPR. In addition, the tool can be used to draw up reports.
Download the software: https://code.europa.eu/edpb/website-auditing-tool/-/releases
European Data Protection Board: Online platforms with consent or pay models do not always meet the requirements for valid consent in accordance with GDPR
After several data protection authorities requested its position, the EDPB considered whether companies providing online services should offer data subjects only two options: 1) pay for the service, or 2) receive targeted marketing based on their personal data. The EDPB considered that companies should offer another option that is free of charge, but where advertising is carried out with less processing of personal data, or none at all. Otherwise, the consent given can be considered non-genuine, which means that it does not meet the requirements for valid consent in accordance with the GDPR.