Most of the UK's top websites fail GDPR, claims ImmuniWeb

From hard to follow privacy policies to insecure cookie usage, a large number of sites are still not compliant

EU logo

A staggering number of the UK's most popular websites are failing to comply with GDPR, according to a report.

A research team from ImmuniWeb selected the 100 most visited websites for each of the 28 European member states, finding that the majority were using non-compliant processes or insecure systems to host and manage user data.

In the UK, 86 of the top 100 websites failed surface-level tests to varying degrees. All 86 were found to be using insecure cookies to handle sensitive user information, while 17% of sites had either missing or hard to reach privacy policies.

However, all 100 of the most visited sites in the UK were using HTTPs and had up-to-date content management systems.

The stats reveal that sites operating across the rest of Europe are more likely to be compliant with GDPR. A study of popular sites in France found 83 of its top 100 were non-compliant, while in Germany this fell to 50. The reasons for this are noticeably different, however, as sites in France and Germany are far more likely (50% and 40% respectively) to have missing or hard to reach privacy policies.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements amid European companies," said Ilia Kolochenko, CEO and founder of ImmuniWeb. "However, there is a long road before the majority of organisations value actual security above paper-based compliance thereby providing their users with the privacy and security they truly deserve.

For the EU as a whole, 51.5% had hard to understand privacy policies and 78.25% showed insecure cookie usage. These are relatively alarming statistic considering GDPR is now one-year-old and it's also an issue that some of the largest tech firms in the world have been accused off.

Last year, the Norwegian Consumer Council deemed the privacy-centric services for companies such as Facebook, Microsoft and Google was "unethical" for leading users to select settings that did not benefit their privacy.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Most Popular

Visit/cloud/cloud-computing/354767/google-cloud-snaps-up-multi-cloud-analytics-platform-for-26bn
cloud computing

Google Cloud snaps up multi-cloud analytics platform for $2.6bn

13 Feb 2020
Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/cyber-attacks/354747/apple-mac-malware-detections-overtake-windows-the-first-time
cyber attacks

Apple Mac malware detections overtake Windows the first time

11 Feb 2020