Download the EDPB website auditing tool
Source code

The EDPB website auditing tool helps analyse whether websites are compliant with the law. The new tool allows the preparation, completion and evaluation of audits directly in the tool by a simple visit to the website concerned.

The EDPB website auditing tool was developed in the context of the EDPB Support Pool of Experts (SPE) and can be used by both legal and technical auditors at data protection authorities (DPAs), as well as by controllers and processors who wish to test their own websites. 

The EDPB website auditing tool is a Free and Open Source Software under the EUPL 1.2 Licence and is available for download on code.europa.eu 

While several website auditing tools already exist, these usually require technical expertise. The EDPB website auditing tool by contrast is easy to use in order to facilitate enforcement by national DPAs and compliance checks by controllers. You can quickly learn how to use this tool thanks to the short video tutorial above, which was produced by the external expert Mirko Camia. This tutorial will guide you through the various features of the tool and the different stages of website auditing, from the configuration of the tool to the evaluation of the trackers used and the final audit report.

The EDPB website auditing tool is also compatible with other tools, such as the EDPS website evidence collector, and allows auditors to import and evaluate the results of audits carried out on those tools. 

Update: the new version of the EDPB Website Auditing Tool is now available with a more user-friendly design interface and new features!

Additional features include:

• Analysis import/export
• New search functionality in the knowledge database either during analysing or when exploring the database
• Update of a given database and option to select whether or not to add/remove elements
• Management of multiple database by indicating the source of the knowledge base and a trust level
• Full page screenshot

The EDPB Website Auditing tool is available in English, French, German, Italian and Spanish*
 

Please only download software from trusted locations. In case of doubt, please refer to the documentation.

* The EDPB Website Auditing Tool software been automatically translated from English to German, Italian and Spanish. The EDPB does not guarantee the accuracy of the translation. Please refer to the official text in its English version if there is any doubt.

The Standardised Messenger Audit project aims at helping to inspect the messenger services used within businesses from a data protection perspective.

The EDPB launched the Standardised Messenger Audit project in the context of the Support Pool of Experts programme at the request of the German Federal Data Protection Authority (DPA).

Project completed by the external expert Prof. Mathieu Cunche in November 2023, who worked closely with the German Federal DPA, which provided significant input and feedback.

Objective

The project provides a test catalogue of mandatory, recommended, and optional requirements which a GDPR-compliant messenger frontend would have to meet. The catalogue may support data protection authorities in their work, but also companies that want to review and improve their product.

The Standardised Messenger Audit project includes two deliverables: 
 

Under the Data Protection Officer (DPO) training project, data protection officers in Croatia were trained with the aim to raise the overall level of compliance of their organisations, especially in hospitals and educational institutions.

The EDPB launched the Data Protection Officer training project in the context of the Support Pool of Experts programme, at the request of the Croatian Data Protection Authority (DPA).

Project conducted by external expert Prof. Tihomir Katulić and completed in December 2023

The DPO training extensive programme was designed in Croatian with training material and Q&As for DPOs, it includes several deliverables:

The AI risks project assesses the data protection risks of AI for Optical Character Recognition (OCR) and Named Entity Recognition (NER).

OCR is a technology used to convert images or scanned documents containing text into machine-readable text.
NER is used to identify named entities such as names, organizations and locations within a document and classify them into predefined categories.

The EDPB launched this project in the context of the Support Pool of Experts programme at the request of the EDPS.

Project completed by the external expert Isabel Barbera in September 2023.

Objective

This project helps data controllers who use AI for these purposes to perform an assessment of data protection risks and, data protection authorities to evaluate the validity and effectiveness of this assessment in the course of their investigations. 
For both technologies, the external expert identified specific data protection and privacy risks posed by the procurement, the development and the use of the specific technology.

The AI Risks project includes several deliverables: 

The AI Auditing project aims to map, develop and pilot tools that help evaluate the GDPR compliance of AI systems and applications are GDPR compliant.

The EDPB launched this project in the framework of the Support Pool of Experts programme, at the initiative of the Spanish Data Protection Authority (DPA).

Project completed by the external expert Dr. Gemma Galdon Clavell in February 2023.

Objective

This project helps all parties understand and assess data protection safeguards in the context of the AI Act. In particular, it may help DPAs to inspect AI systems by defining a methodology in the form of a check-list to perform an audit of an algorithm and proposing tools that would enhance transparency.

This project includes several deliverables: