Assess Website Privacy Risks to help meet GDPR, CCPA and other regulatory compliance requirements

Website and Web Apps Privacy Testing (WAPT)

ArrkaWebsite Privacy Testing


Global privacy regulations like the General Data Protection Regulation (GDPR) and  the California Consumer Privacy Act (CCPA) have turned the focus on the significant Privacy intrusion that takes place via Websites and Web Apps. Since most of the Personal Data captured by Websites is ‘below the surface’, a user is often in the dark.


What is of even greater concern is that many organizations also remain in the dark about what Data Privacy transgressions their own Websites and Web Apps are indulging in – the  Permissions they are taking, Tracking mechanisms they have deployed, the 3rd party Cookies that are embedded, the cross border transmission of personal data that is taking place via the Web App, etc. Lack of this detailed technical understanding coupled with missing standards further contribute to this problem. However, this can be a costly oversight – given the stringent requirements of laws like GDPR.


Arrka’sWebsite and Web App Privacy Testing (WAPT) solution helps organizations address this very problem. The solution assessesaWeb App’s compliance to Privacy Regulations like the GDPR, CCPA, Singapore PDPA and a host of others. The solution scans for permissions& Tracking mechanisms (e.g. Cookies), 3rd party Cookies embedded in the Website, data sharing with unknown 3rd Parties& the security of personal data in the Web App. This provides an organization’s privacy and Website development teams visibility into  the Web App’s compliance to regulatory requirements and lays the foundation to achieve “Privacy By Design”. Companies can export visual reports to help business units and developers gain an understanding of the app’s “privacy health.”

For further details, do contact us

WAPT Feature Summary

Understand your Website's & Web App's Privacy Health

Scans for Dangerous Permissions& Trackers

Permissions and Tracking mechanisms like Cookies enable Websites and Web Apps to collect highly sensitive Personal Data from an individual’s device, thereby potentially compromising the privacy of the individual. Arrka’s solution identifies the Permissions and Trackers used by the Website and provides benchmarks against industry peers.



Permissions/Trackers for Website















3rd party cookies



Cookies store Personal Data



E-Tag Usage


Scan for 3rd Parties & Cross Border Transfers

Data Sharing with 3rd Parties

Arrka’s solution identifies the embedded third parties (via their cookies) and the specific category or type of third party it is, thereby letting the organization know with whom the Website is sharing data and therefore the privacy risks, if any, associated with the same. It then benchmarks this against industry peers.

Cross Border Transfers

Further, the solution also provides a list of countries outside of the base country that the data is being transmitted to. This enables the organization to check where this impacts cross border data transfer requirements of various laws and regulations and institute the requisite controls in place.

The solution also highlights uncommon third parties and high-risk countries which needs to be looked into in more detail.

Scan for Data Security

Data Security is an important aspect of Privacy and is a feature in all Privacy Regulations. Arrka’sWAPT solution arrives at a Security score based on  whether Data is stored by the Website/Web App in a Secure manner, data is transmitted in a safe manner (encryption), tracking mechanisms used and whether secure coding practices are followed based on the latest security incidents.

Scan for Transparency

The concept of transparency is a major requirement  across global privacy regulations.  The solution assesses the accurate declaration of privacy practices by the Websites  as well as the accessibility and readability of the declaration. The solution also assesses whether usersare provided with legitimate choices that they can exercise and whether consent is elicited  for all critical privacy impacting activities

Assess User Rights Provisions

User Rights Provisions

The concept of User Rights provisions has evolved over the years. Over and above the basic data access and rectification rights, GDPR has come up with a  host of other user rights provisions. The solution assesses whether the user has been informed of their rights and alsoif the process of availing those rights have been clearly communicated to the user and is

Benchmarking with Industry

Industry Benchmarks

Arrka has been an industry thought leader in the area of Website and Web App Privacy . We have covered Websites in the 2018 edition of the State of Data Privacy of Mobile Apps & Websites report. As part of the Study, we have collected Benchmarking data on Privacy parameters covering Indian and global organizations across multiple sectors. The Arrka study has shed light on inter sector and intra sector variation in Privacy metrics. Arrka’sWAPT customers  have access to the detailed benchmarks and  benefit from the insights on where they stand vis-à-vis their peer group on Privacy metrics.