Assess Website Privacy Risks to help meet GDPR, CCPA and other regulatory compliance requirements
Website and Web Apps Privacy Testing (WAPT)
Arrka Website Privacy Testing
Global privacy regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have turned the focus on the significant Privacy intrusion that takes place via Websites and Web Apps. Since most of the Personal Data captured by Websites is ‘below the surface’, a user is often in the dark.
What is of even greater concern is that many organizations also remain in the dark about what Data Privacy transgressions their own Websites and Web Apps are indulging in – the Permissions they are taking, Tracking mechanisms they have deployed, the 3rd party Cookies that are embedded, the cross border transmission of personal data that is taking place via the Web App, etc. Lack of this detailed technical understanding, coupled with missing standards, further contributes to this problem. However, this can be a costly oversight – given the stringent requirements of laws like GDPR.
Arrka’s Website and Web App Privacy Testing (WAPT) solution helps organizations address this very problem. The solution assesses a Web App’s compliance to Privacy Regulations like the GDPR, CCPA, Singapore PDPA and a host of others. The solution scans for permissions & Tracking mechanisms (e.g. Cookies), 3rd party Cookies embedded in the Website, data sharing with unknown 3rd Parties & the security of personal data in the Web App. This provides an organization’s privacy and Website development teams visibility into the Web App’s compliance to regulatory requirements and lays the foundation to achieve “Privacy By Design”. Companies can export visual reports to help business units and developers gain an understanding of the app’s “privacy health.”
WAPT Feature Summary
Scans for Dangerous Permissions & Trackers
Permissions and Tracking mechanisms like Cookies enable Websites and Web Apps to collect highly sensitive Personal Data from an individual’s device, thereby potentially compromising the privacy of the individual. Arrka’s solution identifies the Permissions and Trackers used by the Website and provides benchmarks against industry peers.
Permissions/Trackers for Website
3rd party cookies
Cookies store Personal Data
Scan for 3rd Parties & Cross Border Transfers
Data Sharing with 3rd Parties
Arrka’s solution identifies the embedded third parties (via their cookies) and the specific category or type of third party it is, thereby letting the organization know with whom the Website is sharing data and therefore the privacy risks, if any, associated with the same. It then benchmarks this against industry peers.
Cross Border Transfers
Further, the solution also provides a list of countries outside of the base country that the data is being transmitted to. This enables the organization to check where this impacts cross border data transfer requirements of various laws and regulations and put the requisite controls in place.
The solution also highlights uncommon third parties and high-risk countries which need to be looked into in more detail.
Scan for Data Security
Data Security is an important aspect of Privacy and is a feature in all Privacy Regulations. Arrka’s WAPT solution arrives at a Security score based on whether Data is stored by the Website/Web App in a Secure manner, data is transmitted in a safe manner (encryption), tracking mechanisms used and whether secure coding practices are followed based on the latest security incidents.
Scan for Transparency
The concept of transparency is a major requirement across global privacy regulations. The solution assesses the accurate declaration of privacy practices by the Websites as well as the accessibility and readability of the declaration. The solution also assesses whether users are provided with legitimate choices that they can exercise and whether consent is elicited for all critical privacy impacting activities.
Assess User Rights Provisions
User Rights Provisions
The concept of User Rights provisions has evolved over the years. Over and above the basic data access and rectification rights, GDPR has come up with a host of other user rights provisions. The solution assesses whether the user has been informed of their rights and also if the process of availing those rights has been clearly communicated to the user and is
Benchmarking with Industry
Arrka has been an industry thought leader in the area of Website and Web App Privacy. We have covered Websites in the 2018 edition of the State of Data Privacy of Mobile Apps & Websites report. As part of the Study, we have collected Benchmarking data on Privacy parameters covering Indian and global organizations across multiple sectors. The Arrka study has shed light on inter sector and intra sector variation in Privacy metrics. Arrka’s WAPT customers have access to the detailed benchmarks and benefit from the insights on where they stand vis-à-vis their peer group on Privacy metrics.