i.
Your cookie banner is a liability
"Accept" and "Reject" must be equally prominent. Pre-ticked boxes are banned. Most banners fire analytics before consent is given.
73%
of hospitality siteswe scan fail PECR
UK restaurant website check · PECR & UK GDPRIs your restaurant website
Is your restaurant website
putting you at risk
without you knowing?
Get AI-powered insights into potential GDPR & cookie risks in under 60 seconds — and see what may need fixing with a £19 report.
Free previewNo card requiredBased on ICO guidance
★★★★★ 4.9/5
Trusted by 420+ UK restaurants & cafés
thegoldenoak.co.uk
Live website risk scanScanning…
—
Overall score
Analysing…
Checking 42 UK risk signals
This is a preview. Full report includes detailed explanations and fixes.●REC
ICO cookie enforcement active since March 2026. PECR Reg 6 breaches now reportable via public form. Max fine: £17.5M or 4% of annual turnover. Average hospitality site: 8.4 trackers before consent. 73% of UK restaurants failed their first scan. EAA accessibility deadline: June 2026.
The quiet problem
Many UK restaurant websites may not meet current GDPR & cookie expectations — and don't realise it.
PECR (the UK's Privacy and Electronic Communications Regulations) requires explicit consent before you drop a single tracking cookie. Your booking widget, pixel, and "Accept all" banner probably all fail. The ICO can — and does — issue fines.
ii.
Your booking form leaks data
Meta Pixel on a reservation page. Google Analytics without anonymisation. TripAdvisor widgets loading before the banner has rendered.
8.4
average third-partytrackers per site
iii.
Your privacy policy is outdated
The ICO expects plain English, a data controller name, and a lawful basis for every purpose. "We care about your privacy" doesn't cut it anymore.
£17.5M
max ICO fineor 4% of turnover
The ICO is actively enforcing cookie risk on hospitality sites.
As of March 2026, sites without compliant banners can be reported, investigated, and fined — regardless of size. First warning, then action.
£500k+
How it works
Three steps. No consultants. One tea's worth of time.
STEP 01
Enter your URL
Paste your restaurant's website. Our scanner crawls every public page — menus, bookings, about, careers.
STEP 02
Pay £19, we review
A certified UK privacy specialist manually reviews the automated findings — no bots writing your report.
STEP 03
Fix with confidence
A plain-English PDF with every issue ranked, the exact ICO reg it breaches, and the one-line fix for your web developer.
The £19 reportHere's what your
Here's what your
restaurant's report will look like
Every issue mapped to the specific UK regulation it violates. Every fix written for a non-technical restaurant owner — and copy-paste ready for your developer.
risk Report — thegoldenoak.co.uk
REF: CN-2498120 APR 2026v2.1
Critical
Meta Pixel fires before consent on booking page
On /book-a-table, the Facebook tracking pixel loads immediately on page visit — sending customer IP to Meta before your cookie banner appears. Direct PECR Reg 6 breach.
PECR Reg 6(1) · ICO Opinion 2024-03 · Fix in < 5 min
Critical
"Reject all" button hidden behind 2 clicks
Your banner has "Accept all" as a primary button but "Reject all" buried in a "Preferences" modal. Since March 2024, ICO guidance requires equal prominence.
ICO guidance Mar 2024 · Fix template included
Warning
Privacy policy missing lawful basis for marketing
Your policy mentions "we use your email to send offers" but doesn't name the lawful basis (consent / legitimate interest). Add a clause — we've drafted it for you in Appendix C.
UK GDPR Art. 13(1)(c) · Drafted clause provided
Pass
SSL & HSTS correctly configured
Your hosting provides valid TLS 1.3 with HSTS preload. No action required.
One price · No subscription
£19. Once. That's it.
We don't lock you into monthly fees. You get the audit, you get the fixes, you keep the report forever. Share it with your developer, your landlord, your insurer — whoever needs proof you've done the work.
Most restaurants earn this back on the first booking that doesn't get blocked by a broken form.
"Turns out our old cookie banner was firing 12 trackers before anyone clicked a thing. Fixed in an afternoon, £19 well spent."
HC
Harriet C. — Owner, The Hare & Crown, Bath
Everything included
Full risk Audit
£19£119one-off · VAT inc.
Delivered as a PDF within 24 hours, Monday to Friday.
- Full PECR & UK GDPR website audit
- Every finding mapped to the exact ICO rule
- Plain-English fixes, ranked by risk
- Developer-ready code snippets
- Updated privacy & cookie policy drafts
- 30 days of email support
- Free re-scan once you've made fixes
Paid via Stripe · Refund if we find nothing to fix
Questions
The bits most restaurant owners ask.
Can't find what you need? Email us directly — we reply within an hour on weekdays.
The automated scan is under 60 seconds. Your full £19 report — reviewed by a human privacy specialist — is delivered by email within one working day. Weekends we'll answer you first thing Monday.
Not at all. The report is written in plain English for a non-technical restaurant owner. Every fix also has a copy-paste snippet at the end so your developer (or your website builder's support team) can action it in minutes.
A full audit of your site's PECR cookie risk, UK GDPR privacy policy, booking-form data handling, third-party trackers, SSL/security basics, and accessibility (EAA-readiness). You also get drafted replacement text for your cookie banner and privacy policy, plus 30 days of email support and a free re-scan.
Yes. We scan any publicly accessible website regardless of platform. Fixes include platform-specific instructions for the three most common builders used by UK restaurants.
No. £19 is a one-off payment, VAT included. You own the report forever. If you want an annual check-up, you book another audit — at the same price.
Lucky you — you're in the 27%. If our scan finds no critical issues, we refund your £19 in full and still send you the clean-bill-of-health PDF to show your insurer.
We don't do remediation ourselves (keeps us independent), but we maintain a shortlist of trusted UK web developers who specialise in hospitality risk. We'll introduce you for free.
No. We're risk specialists, not solicitors. The report is a technical audit mapped to ICO guidance and public regulation. For binding legal opinions on edge cases, we'll recommend a data-protection solicitor.
Ready to find out where you stand?
Paste your URL. See findings in under a minute. Decide if the £19 report is worth it. Most restaurants know within thirty seconds.
No card required · Free preview · ICO-aligned methodology