Overview
Websites change constantly -- new pages, updated integrations, additional marketing tools. Each change can introduce new cookies or trackers that affect your compliance posture. This guide provides a structured checklist for conducting periodic reviews to keep your Secure Privacy configuration up to date.
Review Checklist at a Glance
| Area | What to Check | Recommended Frequency |
|---|---|---|
| Website scan | Overall score, new cookies | Weekly or after site changes |
| Classification tab | Cookie categories, service mappings | Monthly |
| Google Consent Mode | Consent type mappings, default states | Quarterly |
| Banner language | Text accuracy, translations | Quarterly |
| DSAR settings | Notification emails, response tracking | Quarterly |
| Privacy and cookie policies | Accuracy with current practices | Semi-annually |
1. Website Scan Report
The Scan Report page is your starting point for every review. Open it and check:
- Overall compliance score -- Has it changed since the last review?
- Detected services -- Are there new services you did not expect?
- Cookie inventory -- Do detected cookies match the services actually deployed on your site?
- Gaps -- Are any cookies unaccounted for?
If your score has dropped or new items have appeared, investigate before moving on.
Run a manual scan after any significant site change -- such as adding a new analytics provider, marketing pixel, or third-party widget.
2. Classification Tab
Open the classification tab and look for:
- Unclassified cookies -- Assign the correct consent category to each one
- Incorrect service mappings -- Make sure cookies are attributed to the right services
- Missing entries -- If you know a service is active but its cookies are not listed, add them via the Custom Cookies tab
Accurate classification is essential because it determines which cookies are blocked before consent and which are allowed as essential.
3. Google Consent Mode Settings
If you use Google Tag Manager, Google Analytics, or Google Ads, review your Consent Mode configuration:
- Verify consent type mappings are correct for each tag
- Check default consent states for each region
- Confirm that Advanced Mode is working as expected (check the GTM debug panel)
Consult your marketing and legal teams before changing default consent states, especially when switching between Basic and Advanced mode.
4. Cookie Banner and Preference Center Language
Review the text displayed in your cookie banner and privacy preference center:
- Is all text accurate and up to date?
- Are translations correct if multi-language is enabled?
- Are button labels compliant? (e.g., "Reject All" must be equally prominent as "Accept All" under GDPR)
- Test the user flow in each supported language to catch any rendering issues
5. DSAR Email Notifications
Your Data Protection Officer or compliance team should receive email notifications when visitors exercise their data rights.
- Confirm the correct email address is configured to receive DSAR notifications
- Test the flow by submitting a test request on your site
- Verify that response deadlines are being tracked properly in the dashboard
6. Privacy and Cookie Policy Updates
Work with your legal team to keep policies current:
- Review the privacy policy for accuracy with current data practices
- Update the cookie policy to reflect the latest scan results
- Ensure policies reference all third-party services detected on your site
- Update data retention information if retention periods have changed
Building a Review Habit
The most effective approach is to tie reviews to your existing workflows:
- After deployments -- Run a scan whenever you push changes to production
- Monthly -- Block 30 minutes on the first Monday of each month for a classification review
- Quarterly -- Schedule a deeper review covering Consent Mode, banner language, and DSAR settings
- Semi-annually -- Coordinate with legal for a full policy review
Need Help?
If you have questions or need assistance with any part of your review, contact Secure Privacy support at [email protected].