Rethinking Privacy

For too long, privacy has been abused, leaving organisations vulnerable. The majority want to comply but are constrained.

9 out of 10 fail GDPR requirements, despite best efforts and millions spent — the great majority are still not compliant.

Respectful behaviour is paramount for trust and to avoid unnecessary regulator attention.

London Listed PLCs

61 GDPR OK — low risk
19 GDPR Fail — medium risk
217 GDPR Fail — high risk
209 GDPR Fail — very high risk
33 Not available

Our latest audit shows 13% are respecting privacy.


The DPO Service to clarify and continually minimise compliance risk.

Our Risk Profiling Intelligence continuously prioritises and oversees remediation actions and maintains compliance — keeping the DPO out of the techno weeds.

Support the DPO to drive the value of privacy and support the business by managing conflicting priorities.

Automated reporting against consistently-applied standards provides board level clarity — you demonstrate commitment to compliance internally and to regulators.


Understand the Privacy Risk Score

The Privacy Risk Score is the international standard for reporting the impact of the use of non-consensual cookies. The Score provides DPOs with an instant, independent understanding of their risk position and a baseline from which improvement can be tracked.





Supporting regulators

As individuals become ever more aware of their rights, more complaints will be made and the workload of the Data Protection Authorities (DPAs) will increase exponentially. Privacy is devalued if it is not policed effectively. The PRA is an automated international policing scale that allows for more accurate targeting of sites. Delivered through our Risk Profiling Engine (RPE), intelligent automation delivers policing prioritisation based on risk calculations and continuous learning.


Whilst it’s not for me to endorse any particular tool or service, I applaud this overall development which is bringing some genuine innovation.

Neelie Kroes,
Vice president of the European Commission innovation.

Privacy Risk Auditor

The P&C Privacy Risk Auditor (PRA) is an international standard that provides independent assessment of a website’s compliance with cookie regulation. The PRA score allows an organisation to focus on improvement, reducing risk and building trust.

Risk level relating to GDPR compliance

Please note, a free audit is only available once every 30 days.
The details presented are from the most recent audit.

What does this mean?

Your PRA shows your current risk score and level of respect for privacy. It helps you see what needs attention and guides you to actions to improve your score.

Essential cookies

Essential cookies are classified as those that are essential to provide an online service at someone’s request (e.g. to remember what’s in their online basket, or to ensure security in online banking). Essential cookies must be essential to the user and the operation of the site, not what the organisation considers to be essential to them.

Impact on your ‘brand’ reputation

Creating true transparency and control makes the difference when establishing brand trust. Brands that respect privacy by earning consent whilst delivering a positive user experience will gain competitive advantage and be the ultimate winners in the digital economy.

How a PRA is calculated

The PRA score is a mathematical calculation which considers the number, categorisation, and impact on privacy of the cookies and Web Storage objects being set on any given website. There is no subjectivity in the calculation; automated intelligence is used to identify cookies that are set ahead of consent being freely given.

Overall position

Below are details of all the storage items found, including the following categories:


Cookies

Standard web cookies, set either by HTTP headers or by JavaScript code. These can be "session" (generally deleted when the browser is fully closed down) or "persistent" (deleted when the expiry date shown is reached).

Web Storage

Web Storage items (sometimes known as DOM storage or HTML5 storage), set by JavaScript code. These can be "session" (deleted when the individual browser window or tab is closed) or "persistent" (lasting indefinitely).


Databases

Databases (known as IndexedDB or the Indexed Database API) stored on the browser by JavaScript code. These last indefinitely.

Table columns: Domain; Total; Cookies (Session, Persistent); Web storage (Session, Persistent); Databases

Is it time to lower your PRA score – reduce risk and ensure trust?
