What is a data privacy audit?
A data privacy audit checks the use of first-party cookies, third-party cookies and third-party requests on your website. This determines if it collects and shares data in accordance with privacy regulations at a resulting low, medium or high risk level for privacy noncompliance.
What do I do with the privacy audit results?
Once you have identified which cookies and requests are being used by your website for data collection, you can begin to ask your website visitors for consent. A consent management platform (CMP) manages the gathering and storing of consents to help you achieve privacy compliance.
We can’t provide specific legal advice, but there are some best practices. Appoint representatives for data privacy and protection initiatives. Know what data you collect and how it’s managed. Have a provable legal basis for data processing. Set up data processing agreements with third parties. Provide clear information to enable users’ consent choices. Download our GDPR Compliance Checklist for more information.
What does it mean if my website risk is low?
A low risk level means that the data privacy audit found that your website sets first-party cookies without explicitly asking users for consent. No third-party cookies or third-party requests were found.
What does it mean if my website risk is medium?
A medium risk level means that the data privacy audit found that your website is definitely not privacy compliant. Your website sets either an above average number of first-party cookies OR third-party cookies and/or third-party requests, without explicitly asking users for consent. You may be at risk of noncompliance penalties.
What does it mean if my website risk is high?
A high risk level means that the data privacy audit found that your website has substantial privacy compliance failures. Your website sets a large number of third-party cookies and third-party requests without explicitly asking users for consent. You may be at risk of noncompliance penalties.
What are cookies?
Cookies are small files set in web browsers that enable user identification tracking, personalized marketing and other functions. Some types of cookies share user data with third parties. Website operators should know which cookies they use and what data they collect. Valid consent can’t be requested from users without accurately communicating about cookie usage.
What are first-party cookies?
First-party cookies are set by websites while the user is on-site. They enable website providers to collect customer activity and analytics data, remember language and other preference settings, and carry out other useful user experience functions.
What are third-party cookies?
The riskiest type of cookies for privacy compliance, these are usually set for tracking and retargeting marketing campaigns. They are set by third-party servers, such as ad servers on publishers’ websites, and user data is shared.
What are third-party requests?
Third-party requests are files that are loaded from a website other than the one that the user is currently visiting. They usually are from vendors whose technology is implemented on the website where the user is active, or who use that website for advertising and tracking purposes.