GDPR: Security and Data Privacy Policies

By Guðrún Gústafsdóttir

Siteimprove's GDPR module includes a collection of pre-configured policies focusing specifically on your website's security and data privacy. The pre-configured policies include the following:

Find publicly exposed credit card numbers
This policy highlights possible instances of credit card numbers that are openly visible on your site. This policy looks for Visa, Mastercard, American Express, and Diners Club format credit card numbers.

Embedded YouTube videos
Having an embedded video on your website means that the website is not in control of the data gathered by the embedded resource. This policy highlights embedded YouTube videos on the site being checked.

Unsafe domains
Website links are checked against a database of domains that are listed as being unsafe, i.e. they may contain malware or unwanted software. Pages containing these domains are flagged using this policy.

HTTPS and HTTP mixed content
This policy checks if pages on an HTTPS (secure) domain link to an HTTP (unsecure) domain. Pages containing HTTPS and HTTP mixed content are flagged.

Find HTML forms
This policy highlights pages with HTML forms. It is important to keep track of forms, as sensitive data is often requested using forms and the website owner is responsible for the protection of that data.

Scripts from external sources
This policy looks for all <script src="..."> elements on your site with an external source. External scripts that are not under your control can pose security problems.

HTML forms on HTTP pages
Flags HTML forms on HTTP pages. Sending information over an unsecured HTTP page is a security risk.
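
The markup-based checks above (embedded YouTube videos, mixed content, HTML forms, external scripts, and forms on HTTP pages) can be spot-checked on a single page with a short script. This is an added example, not Siteimprove's implementation. The policy labels, the YouTube host list, the sample page, and the rule that "external" means any host other than the page's own are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts counted as YouTube embeds.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "www.youtube-nocookie.com", "youtu.be"}
# Attribute that carries the URL for each tag inspected.
URL_ATTR = {"script": "src", "iframe": "src", "img": "src", "a": "href", "link": "href"}

class PolicyScanner(HTMLParser):
    """Collects (policy, detail) findings for one page fetched from page_url."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page = urlsplit(page_url)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.findings.append(("html-form", attrs.get("action") or self.page_url))
            if self.page.scheme == "http":  # form served over plain HTTP
                self.findings.append(("form-on-http-page", self.page_url))
            return
        ref = attrs.get(URL_ATTR.get(tag, ""))
        if not ref:
            return
        url = urljoin(self.page_url, ref)  # resolves relative and //host/ URLs
        target = urlsplit(url)
        if target.scheme not in ("http", "https"):
            return  # mailto:, data:, javascript: and similar are out of scope
        if tag == "script" and target.hostname != self.page.hostname:
            self.findings.append(("external-script", url))
        if tag == "iframe" and target.hostname in YOUTUBE_HOSTS:
            self.findings.append(("youtube-embed", url))
        if self.page.scheme == "https" and target.scheme == "http":
            self.findings.append(("mixed-content", url))

def scan(page_url, html):
    scanner = PolicyScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<script src="/js/app.js"></script>
<script src="//cdn.example.net/lib.js"></script>
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<a href="http://partner.example.org/offer">Offer</a>
<form action="/subscribe" method="post"><input name="email"></form>"""
if __name__ == "__main__":
    for policy, detail in scan("https://www.example.com/contact", SAMPLE):
        print(policy, detail)
```

Scanning the same markup as if it were served from an `http://` URL drops the mixed-content finding and adds the form-on-HTTP-page finding, which shows how both checks depend on the scheme of the page itself.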


Note: The Siteimprove GDPR module can be added to an existing subscription, or bought as a stand-alone product. Get in touch with us if you want to learn more about the Siteimprove GDPR module.
