The Siteimprove GDPR module helps organizations prepare for and meet a number of requirements in the General Data Protection Regulation (GDPR), specifically regarding personal data found on websites.
For example, articles in the GDPR such as Art. 5 (Principles relating to processing of personal data), Art. 16 (Right to rectification) and Art. 17 (Right to be forgotten) require you to know where on your website the relevant data is located in order to rectify or delete it. That’s where the GDPR module can help.
The GDPR module locates personal data* automatically and on a continuous basis. Instead of you having to search individual pages for this data or compile a list of domains and subdomains on which to look for it, the GDPR module automates this work. The results are then presented to the user in an organized way.
The GDPR module also helps companies demonstrate accountability. By implementing a data monitoring solution, a company shows that it is taking a concrete technical measure to help ensure that personal data on its websites is handled in accordance with the GDPR. The Siteimprove GDPR module will help provide a basis for companies to start working towards GDPR compliance on their websites.
The first release of the Siteimprove GDPR module includes the following features:
Personal data inventory: An inventory of pages that contain personal data, i.e. email addresses, phone numbers, names, and personal ID numbers (e.g. Social Security numbers) for the sites we crawl.
It is also possible to prioritize the auditing of website pages. The priority is determined by the number of different types of personal data present on a page, and whether the page has been viewed by visitors.
Domain / IP Map: An inventory of all domains, sub-domains, and IP addresses that may belong to your organization, along with metadata such as who registered the domain, when it expires, etc.
Knowing what domains are owned by an organization is an important starting point for assessing where and how much personal data is being held on its websites.
Users also have the ability to "reject" domains that they don't own. The map indicates whether each domain or sub-domain is checked by Siteimprove, so users know whether any sites they own could contain personal data that is not being checked.
GDPR policies: The Siteimprove GDPR module includes pre-configured GDPR policies. These security and data privacy policies allow users to monitor their websites for potential data breaches or weak points (e.g. flagging HTML forms on unsecured HTTP pages). You can find out more in the article: "GDPR: Security and Data Privacy Policies."
Note: The Siteimprove GDPR Module is a standalone product that can be purchased separately from the Content and Analytics Suites. Please contact us if you want to know more about the Siteimprove GDPR module.
*The GDPR module currently looks for occurrences of names, phone numbers, email addresses, and personal identification numbers on your website.