Most of the UK's top websites fail GDPR, claims ImmuniWeb

From hard to follow privacy policies to insecure cookie usage, a large number of sites are still not compliant

EU logo

A staggering number of the UK's most popular websites are failing to comply with GDPR, according to a report.

A research team from ImmuniWeb selected the 100 most visited websites for each of the 28 European member states, finding that the majority were using non-compliant processes or insecure systems to host and manage user data.

In the UK, 86 of the top 100 websites failed surface-level tests to varying degrees. All 86 were found to be using insecure cookies to handle sensitive user information, while 17% of sites had either missing or hard to reach privacy policies.

However, all 100 of the most visited sites in the UK were using HTTPs and had up-to-date content management systems.

The stats reveal that sites operating across the rest of Europe are more likely to be compliant with GDPR. A study of popular sites in France found 83 of its top 100 were non-compliant, while in Germany this fell to 50. The reasons for this are noticeably different, however, as sites in France and Germany are far more likely (50% and 40% respectively) to have missing or hard to reach privacy policies.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements amid European companies," said Ilia Kolochenko, CEO and founder of ImmuniWeb. "However, there is a long road before the majority of organisations value actual security above paper-based compliance thereby providing their users with the privacy and security they truly deserve.

For the EU as a whole, 51.5% had hard to understand privacy policies and 78.25% showed insecure cookie usage. These are relatively alarming statistic considering GDPR is now one-year-old and it's also an issue that some of the largest tech firms in the world have been accused off.

Last year, the Norwegian Consumer Council deemed the privacy-centric services for companies such as Facebook, Microsoft and Google was "unethical" for leading users to select settings that did not benefit their privacy.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020