Compliance Checklists
Free, interactive checklists for the regulations most commonly applicable to websites and online businesses. Every item cites the official regulatory source.
General Data Protection Regulation
EU/EEA personal data protection — applies globally if you have EU users.

Health Insurance Portability and Accountability Act
US healthcare data privacy — required for providers, plans, and their vendors.

Payment Card Industry Data Security Standard
Required for any business that stores, processes, or transmits card data.

System and Organization Controls 2
Enterprise B2B security framework — required by most large business customers.

California Consumer Privacy Act
California privacy law — applies at revenue or data volume thresholds.

Americans with Disabilities Act / WCAG 2.1 AA
Website accessibility — applies to all public US websites.

Not sure which regulations apply to you?
Answer 5 questions about your business and get a personalised list.
Want to see how your website actually scores?
PrivacyGrader scans your site and gives you an A+ to F grade in 30 seconds.