With the growing popularity of web applications, there is a corresponding need to ensure that they comply with relevant regulations and standards, such as the General Data Protection Regulation (GDPR), which mandates strict guidelines for processing personal data within the European Union (EU). In this paper, we leverage machine learning and natural language processing techniques to gather a dataset of web applications to evaluate their GDPR-compliance by scrutinizing their privacy policies. We present an overview of the current state of GDPR compliance among web applications and identify areas that require attention. The results show that, among other things, web applications have a relatively high level of GDPR-compliance, with most requirements being covered at around 80-90%. Furthermore, web applications in the US and India demonstrate higher compliance with GDPR than European web applications. Also, the findings show that a relatively high amount was spent on IT by organizations that did not meet the considered GDPR requirements. In short, this study reveals that there is still work to achieve GDPR compliance, particularly regarding providing clarity about user rights regarding data processing. By highlighting the areas where compliance falls short, our research offers a starting point for enhancing privacy engineering practices for web applications and establishing a more privacy-centric digital landscape.