GDPR Finder
Methodology

How we score and recommend tools

Recommendations in the Tool Finder are not based on gut feeling. They follow a structured set of criteria, documented openly so that you can understand why a tool fits your profile (or not).

Short answer

How do recommendations come together?

  • User requirements from the Finder: Eight questions about system, market, shop, marketing, budget, skill and privacy sensitivity feed into the scoring.
  • Tool criteria: Integration, auto-scan, multilingual support, pricing model, support for your own stack.
  • Privacy & consent requirements: Google Consent Mode v2, IAB TCF v2.2 (only where needed), EU hosting, cookieless tracking.
  • Budget and technical capability: Plugin setup, tag manager or server-side – only tools you can realistically operate.
  • Editorial review status: Each tool entry carries a reviewed date, a data-confidence rating and source notes. In case of doubt, 'per vendor – verify' applies.
  • No legal advice: The selection supports your decision but does not replace a data-protection or legal review.

Seven decision criteria

Each answer in the Finder feeds into a scoring model. From the result we derive three recommendations: budget, balanced and enterprise-ready.

  1. Criterion 01
    Website system

    We check whether a tool natively supports your stack (e.g. WordPress, Shopify, Webflow, TYPO3, Next.js) – plugin or snippet paths included.

  2. Criterion 02
    Target markets

    DE, AT, CH, EU or global: we weigh language defaults, geo-targeting capabilities and the vendor's market experience.

  3. Criterion 03
    Shop & marketing use

    Online shop, Google Ads, Meta, newsletter: your combination decides whether Consent Mode v2, TCF v2.2 or server-side tagging come into play.

  4. Criterion 04
    Privacy sensitivity

    Pragmatic, mindful or very sensitive: we weight cookieless tracking, EU hosting and data minimisation accordingly.

  5. Criterion 05
    Budget

    Four levels: free, low, mid and enterprise. One step of deviation is okay; larger gaps lower the fit score.

  6. Criterion 06
    Technical capability

    Plugin level, tag-manager level or server-side tagging: we avoid recommendations your team cannot realistically operate.

  7. Criterion 07
    Consent Mode v2 / IAB TCF v2.2

    Google Ads measurement needs Consent Mode v2. Programmatic advertising needs TCF v2.2. We treat both as hard requirements where applicable.

Three recommendation buckets

Budget

Tools in the free or low-cost segment. Suitable for solo founders and SMBs with a manageable tracking stack.

Balanced

Solid price/performance with extended features such as auto-scan, multilingual banners or e-commerce tracking.

Enterprise-ready

Enterprise-grade: multi-domain, TCF v2.2, audit logs, granular roles. Licence costs scale with scope.

What we deliberately don't do

  • Our assessments are editorial and based on publicly accessible information.
  • We don't award stars, fake ratings or invented reviews.
  • Affiliate commission does not influence the order or selection of recommendations.
  • Prices are indicative reference points and can be changed by the vendor.

No legal advice

GDPR Tool Finder supports your tool selection. We do not, however, make legally binding statements on GDPR, TTDSG, the Swiss FADP or other regulations. For the final assessment of your concrete setup please involve data-protection officers or lawyers.

Start the Tool FinderCompare all tools