GDPR: Security and Data Privacy Policies

By Sean Needham

Siteimprove's GDPR module includes a collection of pre-configured policies focusing specifically on your website's security and data privacy. The pre-configured policies include the following:

Find publicly exposed credit card numbers
This policy highlights possible instances of credit card numbers that are openly visible on your site. This policy looks for Visa, Mastercard, American Express, and Diners Club format credit card numbers.
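One way to implement a check of this kind, as an added example that is not Siteimprove's own code: candidate digit runs are matched against commonly published prefix and length rules for the four card brands named above, then filtered with the Luhn checksum to cut false positives. The Luhn step, the brand patterns, and all function names are assumptions; the sample text is constructed and uses widely published processor test numbers.

```python
import re

# Candidate: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Commonly published prefix/length rules (an assumption, not the product's own).
BRANDS = [
    ("Visa", re.compile(r"4\d{12}(?:\d{3})?")),
    ("Mastercard", re.compile(
        r"(?:5[1-5]\d{2}|222[1-9]|22[3-9]\d|2[3-6]\d{2}|27[01]\d|2720)\d{12}")),
    ("American Express", re.compile(r"3[47]\d{13}")),
    ("Diners Club", re.compile(r"3(?:0[0-5]|[68]\d)\d{11}")),
]

def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep first six and last four digits so reports never repeat the full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_card_numbers(text):
    """Return (brand, masked number) for each brand-shaped, Luhn-valid digit run."""
    findings = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        for brand, pattern in BRANDS:
            if pattern.fullmatch(digits) and luhn_valid(digits):
                findings.append((brand, mask(digits)))
                break
    return findings

# Constructed page text using widely published processor test numbers.
SAMPLE = """Paid with 4111 1111 1111 1111 (Visa)
Backup card 5555-5555-5555-4444
Amex 378282246310005, Diners 30569309025904
Order ref 4111111111111112 and tracking 1234567890123456
"""

if __name__ == "__main__":
    for brand, masked in find_card_numbers(SAMPLE):
        print(f"{brand}: {masked}")
```

The last sample line shows why the checksum matters: the order reference has a valid Visa shape but fails Luhn, and the tracking number matches no brand prefix, so neither is reported.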

Embedded videos
This policy looks for videos that appear on your website but are hosted by another website or service. Embedded videos can give third-party services the opportunity to track users visiting your website, which can lead to the leakage of personal data. Siteimprove currently flags embedded videos from services such as YouTube, Vimeo, Dailymotion, Metacafe, Flickr, Instagram, and Vevo.

Unsafe domains
This policy analyses links found on websites and checks them against a database of domains that are listed as being unsafe, i.e. they may contain malicious code, malware, viruses, or unwanted software. Pages containing links to unsafe domains are flagged using this policy.

HTTP mixed content on HTTPS pages
This policy checks if pages on a secure HTTPS domain link to an HTTP domain. Pages containing HTTPS and HTTP mixed content should be avoided to ensure that information is sent over a secure channel.

Find HTML forms on any page
This policy highlights pages with HTML forms. It is important to keep track of forms, as they often request sensitive data. The website owner is responsible for the protection of data collected via HTML forms. Data collection should be fair, transparent, adequate, relevant and not excessive in relation to the purposes for which it has been collected.

HTML forms on HTTP pages
This policy flags HTML forms on HTTP pages. HTTP pages send information in plain text and therefore expose users to security risks. It is advised to use the secure HTTPS protocol instead.


Note: The Siteimprove GDPR module can be added to an existing subscription, or bought as a stand-alone product. Get in touch with us if you want to learn more about the Siteimprove GDPR module.
