How to fix common KVKK & GDPR privacy issues
Plain-English guides to the issues automated scanning finds most often — what each one means, who it affects, and how to fix it.
Stop Google Analytics from loading before consent (KVKK/GDPR)
Google Analytics (GA4) sets identifiers and sends the visitor’s IP and page data to Google the moment it loads. If that happens before the visitor accepts cookies, it is processing without a legal basis.
Gate Google Tag Manager behind consent
Google Tag Manager is a loader: it can inject analytics, ad and pixel tags. If GTM fires those tags on page load, every one of them runs before consent — even the ones you forgot were there.
Load the Meta (Facebook) Pixel only after consent
The Meta Pixel tracks visitors for advertising and builds custom audiences. Firing it on page load shares behaviour with Meta before consent — and Meta is a joint controller for that data.
Session recording (Hotjar, Clarity, Yandex) needs explicit consent
Hotjar, Microsoft Clarity and Yandex Webvisor record the visitor’s screen, mouse and keystrokes. Loading them before consent captures potentially sensitive input without a legal basis.
Self-host Google Fonts to stop leaking visitor IPs
Loading fonts from fonts.googleapis.com sends every visitor’s IP address to Google on page load — a cross-border transfer that happens before consent and cannot be consented to for an essential asset.
Yandex Metrica: consent + a cross-border transfer to Russia
Yandex Metrica is analytics (and, with Webvisor, session recording) that sends data to Russia. It raises both a pre-consent problem and a cross-border transfer problem at once.
No consent banner? Non-essential trackers can’t run at all
If PrivaScan finds trackers but no consent management platform, there is no mechanism to get consent — which means every non-essential tracker on the page is running without a legal basis.
Google Ads / DoubleClick remarketing before consent
DoubleClick / Google Ads remarketing tags drop advertising cookies to retarget visitors across the web. On page load, that is advertising processing without consent.
See where your site stands
Run a free privacy scan and get a prioritized list of what to fix.