Lawscan Compliance Index

1. Privacy & GDPR (30 points)

  • Privacy Policy present and up-to-date – 3
  • Clear information on personal data collection – 2
  • Data controller identified with contact info / DPO (if appointed) – 2
  • Legal basis for data processing declared – 2
  • Data retention period specified – 2
  • Cookie Policy present – 2
  • Cookie banner compliant: explicit consent, no pre-ticked boxes – 4
  • Consent recorded, traceable, and easily revocable – 3
  • Contact form with consent checkbox – 2
  • Newsletter opt-in separate (double opt-in recommended) – 2
  • Right to erasure / data deletion manageable – 2
  • Ability to download/export personal data – 2
  • Extra-EU data transfers managed (SCC or equivalent) – 2
  • Internal record of processing activities – 2

2. Security (20 points)

  • SSL certificate active (HTTPS) – 3
  • Passwords stored securely (hashed) – 2
  • User password policy (complexity, expiration) – 1
  • Two-factor authentication for admin access – 2
  • Admin access protected (custom URL, IP restrictions) – 2
  • CMS/plugins regularly updated – 2
  • Periodic and tested backups – 2
  • Protection from brute force / SQL injection attacks – 3
  • User role/permission management – 2
  • Monitoring of suspicious access logs – 1

3. Legal (25 points)

  • Terms & Conditions present and updated – 3
  • Complete company information (VAT, legal address, contacts) – 2
  • Transparent pricing, additional costs, and shipping fees – 2
  • Right of withdrawal specified (e-commerce) – 3
  • EU e-commerce directive compliance – 2
  • Compliance with consumer-review regulations (disclose whether reviews are verified; EU obligation since 2022) – 2
  • Industry-specific regulations applied (health, finance, insurance, food) – 3
  • Legal guarantee of conformity (e-commerce) – 2
  • Warnings on content for minors, if relevant – 1
  • Copyright and intellectual property declared – 2
  • Policies available in the target market language – 2
  • Minimum WCAG accessibility – 1

4. Marketing & Tracking (10 points)

  • Google Analytics with IP anonymization – 2
  • Pixels / tracking only with consent – 2
  • No tracking tools active without consent – 2
  • Technical cookies separated from profiling cookies – 2
  • Marketing consent log maintained – 1
  • Double opt-in for newsletter – 1

5. Accessibility & Usability (10 points)

  • Color contrast test – 1
  • Font readability test – 1
  • Mobile-friendly navigation – 2
  • Page load <3 sec – 2
  • XML sitemap present – 1
  • robots.txt configured – 1
  • Image ALT attributes properly filled – 1
  • Keyboard navigation functional – 1

6. Extra (5 points)

  • User/admin activity logs – 1
  • Log management policy (duration, security, access) – 1
  • Data breach record / notification procedures – 1
  • Support contacts clear and visible (footer) – 1
  • Printable/savable version of policies / terms – 1

Total Maximum: 100 points

  • 90–100: Excellent compliance
  • 75–89: Compliant with minor gaps
  • 50–74: Partially compliant, medium risk
  • <50: Non-compliant, high risk