Your Cookie Banner Is Probably Breaking GDPR — Here's the 20-Point Audit to Find Out

You installed a cookie banner plugin, clicked through the setup, and moved on. That was six months ago. You just received an email from a user asking why your site set cookies before they clicked 'Accept.' You don't know the answer. If that scenario sounds familiar, you're not alone — and the stakes are higher than most founders realize. GDPR does not care that you installed a plugin. It cares whether the plugin actually implements a valid consent mechanism. Those are very different things.