GDPR Daily · a Fortop platform · compliant by design

GDPR and ePrivacy compliance, validated every day, not once a year.

Tags, cookies, Consent Mode v2, server-side tracking. GDPR Daily runs four automated checkpoints every 24 hours on your domain and alerts you within 24 hours when tracking drifts. Built for sectors where a violation is something the business cannot afford.

365 validations per year per domain, not a half-yearly audit
4 automated daily checkpoints
<24h time to detect compliance deviations
EDPB + Italian DPA as regulatory references

01 · The problem

Compliance is a river, not a snapshot.

GDPR and ePrivacy are regulations that look static but operate in an ecosystem that changes every day. EDPB guidelines and Italian DPA decisions update. Browsers change behaviour. CMPs release new versions. Marketing adds scripts, IT integrates tools, advertising partners modify their pixels.

Each of these events can alter a site's compliance posture without anyone noticing.

For most companies the compliance snapshot is taken once or twice a year by a law firm or a consultant. Between one snapshot and the next, eight, ten, twelve months can go by — during which the site has moved on, scripts have multiplied, the consent banner has stopped working properly on Safari, a third-party pixel has started firing without consent.

When the Italian DPA measure arrives — or even just a report from an active user — the gap is measured in months, and remediation in panic mode.

Silent drift

A marketing deploy, a CMP release, a change in a third-party pixel. Tracking stops respecting consent and nobody finds out until the next half-yearly audit.

Non-defensible audit

When the DPA asks for evidence, an updated cookie policy and a processing register are not enough. You need real payloads, dated logs, proof the system has worked continuously.

Multi-domain, multi-country

Three countries, five sub-brands, two different CMPs, dozens of scripts to govern. Without a continuous validation tool, consistency is an illusion.

02 · What it checks

Four checkpoints, every day of the year.

Every 24 hours GDPR Daily automatically runs four checks on your domain. When it detects a deviation, it immediately alerts the DPO and the Fortop team in charge of the project. No surprise half-yearly audits: you know within 24 hours.

01

Validate tags

Integrity check of tracking scripts active on the pages — in particular the behaviour before consent. Which tags are firing, from which domain, with which payload, in which consent state.

02

Cookie audit

Complete mapping of cookies written by the site, automatic classification (technical, analytics, marketing, profiling), alignment with the cookie policy declaration.

03

Consent Mode v2

Verification of correct consent propagation to all relevant tags — GA4, Google Ads, Meta, LinkedIn, TikTok. Consistency check between CMP state and real tag firing.

04

Server-side tracking

Server-side tracking validation: Cloud Run / AWS Lambda container, IP anonymisation, retention, EU-only transfer. Compliant by design, verified every day.

GDPR Daily · acme-pharma.com · May 22, 2026 · 06:00 UTC

Compliance score: 94/100 (▲ +2 vs 7 days ago)

Checkpoint · May 22, 2026

  • Validate tags: 38 tags · 0 issues
  • Cookie audit: 2 new cookies to review
  • Consent Mode v2: Propagation OK · 100%
  • Server-side tracking: Container OK · IP anon.

Last 30 days · compliance status (chart, Apr 22 to May 22, 2026)

Recent alerts

  • May 09 · 06:14 · Meta Pixel fired before consent. Sub-domain it-promo. Resolved within 18h. Status: RESOLVED. DPO notified · ticket #2811 closed.
  • May 22 · 06:08 · 2 new cookies detected on page /it/patient. _clarity, _clarity_s · to be classified. Status: TO REVIEW. Owner: Marketing IT · deadline: May 24.
  • May 19 · 06:00 · Consent Mode v2: 100% propagation verified. Status: OK. 38 tags checked · GA4 · Ads · Meta · LinkedIn.

Monitored stack: GTM Server-Side · GA4 + BigQuery · CMP Iubenda · Consent Mode v2 · Meta Pixel · Google Ads · LinkedIn Insight · Microsoft Clarity · HubSpot

References: EDPB guidelines · Italian DPA · EU Reg. 2016/679 · Dir. 2002/58 ePrivacy

03 · The workflow

Five phases, a platform that runs continuously.

  1. Initial assessment

    We open the project with a full audit: what you collect, from where, under which legal basis, in which consent state, with which vendors involved. Output: prioritised risk register with severity estimates for each exposure.

  2. Remediation plan

    We build an intervention plan with priorities, internal and external owners, and timing. Discussed in a workshop with the client's Legal, IT and Marketing teams. Output: 3–6 month operational roadmap.

  3. Implementation

    Technical execution: CMP, server-side tagging, anonymisation, data subject rights workflows, regulatory documentation. We work with the client's internal teams, with weekly reviews.

  4. Platform activation

    We activate GDPR Daily on the domain. From this point on, tracking is validated automatically every 24 hours. The dashboard is accessible to the client in real time, with alerting configurable via email, Slack or Teams.

  5. Continuous governance

    Quarterly posture review, updates on regulatory news (EDPB guidelines, Italian DPA decisions, case law), incident response in case of anomalies. The DPO always has a Fortop technical contact available.

04 · Three things that make it different

Not a tool: an operational practice.

Continuous, not spot

365 validations a year, not a half-yearly audit. Every deploy, every CMP release, every advertising-partner change is detected and analysed within 24 hours.

Technical, not just legal

We give the DPO technical evidence: real tag payloads, cookies actually written, consent propagation. Documentation defensible in case of a DPA audit.

Regulated sectors

Built for pharma and healthcare (sensitive data under Art. 9 GDPR, EU Reg. 536/2014), regulated food (food claims), finance (MiCAR, MiFID). Workflows aligned to EDPB guidelines and DPA decisions.

05 · Sectors

Where compliance is not a formality.

We work mainly in sectors where a GDPR violation becomes a reputational and business risk well before a regulatory risk. We don't sell GDPR Daily for an agency's brochure site: we sell it for the OTC portal of a pharmaceutical manufacturer, for the loyalty programme of a food retailer, for the home banking of a financial institution.

Pharma & Healthcare

Sensitive data (Art. 9 GDPR), patient portals, OTC. Aligned to EU Reg. 536/2014, Italian Pharmaceutical Code, AIFA guidelines.

Sector with historical depth

Regulated Food & FMCG

Regulated food claims, multi-brand loyalty, compliant CRM-to-ads. Multi-country consent governance.

Multi-brand · multi-country

Finance

Banks, asset management, fintech. Sensitive financial data, integrations with enterprise CRMs, MiCAR and MiFID compliance.

Financial data

Healthcare & insurance

Private healthcare providers, life and health insurance. Art. 9 GDPR data, strict retention, mandatory server-side.

Healthcare data
06 · Get started

Start with the free audit, decide afterwards.

GDPR Daily is a consulting practice supported by a proprietary platform — not a SaaS you activate with a credit card. That's why the entry is not a self-serve plan: it's a free ten-business-day audit, after which we decide together whether building the programme makes sense. No commercial commitment.

Free audit · 10 business days

What you receive

  • Complete scan of the tracking active on your main domain
  • Execution of the 4 checkpoints of GDPR Daily on one observation day
  • Identification of the three most critical risks against EDPB and DPA
  • PDF report with prioritised remediation
  • 45-minute readout call with a senior consultant and a legal reference

Free · no commitment · no automated commercial follow-up

After the audit, two paths.

If the assessment surfaces a real risk you want to address, we open a full GDPR Daily project: extended assessment, remediation plan, implementation with your teams, activation of the continuous validation platform, quarterly governance. Custom pricing based on number of domains, countries, data-layer complexity.

If you prefer to keep remediation in-house, we leave you the report and the methodology explained. No commercial follow-up.

Monitored stack

GTM Server-Side · Consent Mode v2 · CMPs Iubenda, OneTrust, Cookiebot, Didomi · GA4 with anonymisation · OneTrust Data Subject Rights

07 · Let's talk

Want a quick read on your compliance exposure?

Fill in the form: ten business days later you'll have a scan of the tracking active on your main site, identification of the three most critical risks, a 45-minute readout call with one of our senior consultants and a legal reference. No commitment.

Prefer to write us directly?

contact@fortop.it