The Siteimprove Data Privacy module helps organizations prepare for and meet a number of requirements in the General Data Protection Regulation (GDPR), specifically regarding personal data found on websites.
For example, in relation to articles in the GDPR like Art.5 (Principles relating to the processing of personal data), Art.16 (right to rectification) and Art.17 (right to be forgotten), you need to know where on your website the relevant data is located in order to rectify or delete the data. That’s where the Data Privacy module can help.
The Data Privacy module locates personal data* automatically and on a continuous basis. Instead of having to search for individual pages looking for this data or compiling a list of domains and subdomains on which to look for them, this is automated within the Data Privacy module. The results are then presented to the user in an organized way.
The Data Privacy module also helps companies demonstrate accountability. By implementing a data monitoring solution, a company shows that it is taking a concrete technical measure to help ensure that personal data on its websites is handled in accordance with GDPR. The Siteimprove Data Privacy module will help provide a basis for companies to start working towards GDPR compliance on their websites.
The first release of the Siteimprove Data Privacy module includes the following features:
Personal data inventory: An inventory of pages that contain personal data such as email addresses and phone numbers for the sites we crawl.
It is also possible to prioritize the auditing of website pages. This is determined by the number of different types of personal data present, and whether a page has been viewed by visitors.
Domain / IP Map: An inventory of all domains, sub-domains, and IP addresses that may belong to your organization, along with metadata such as who registered the domain, when it expires, etc.
Knowing what domains are owned by an organization is an important starting point for assessing where and how much personal data is being held on its websites.
Users also have the ability to "reject" domains that they don't own. It is indicated whether a domain or sub-domain is checked by Siteimprove, so users know whether there are any sites they own which potentially could have personal data that is not being checked.
Data Privacy policies: The Siteimprove Data Privacy module includes pre-configured Data Privacy policies. These security and data privacy policies allow users to monitor their websites for potential data breaches or weak points (e.g. flagging HTML forms on unsecured HTTP pages). You can find out more in the article: "Security and Data Privacy Policies."
Cookie Tracking: The Siteimprove Data Privacy module includes cookie tracking which provides users with an overview of the cookies set by the selected website. Find out more about cookie tracking in the article "Siteimprove Data Privacy: Cookie Tracking".
Universal Search and Tracked Search Terms: Search and track your site's pages, files, HTML, and metadata for personal data, (e.g. find details on someone who has invoked their "right to be forgotten" under the rules of GDPR). Find out more about in the article "Universal Search and Tracked Search Terms"
User Action Log: Documents actions taken by users within the Data Privacy module. Find out more about in the article "Data Privacy User Action Log".
Note: The Siteimprove Data Privacy Module is a standalone product that can be purchased separately from the Content and Analytics Suites. Please contact us if you want to know more about the Siteimprove Data Privacy module.
*The Data Privacy module currently looks for occurrences of phone numbers and email addresses on your website.