Most of the UK's top websites fail GDPR, claims ImmuniWeb

From hard to follow privacy policies to insecure cookie usage, a large number of sites are still not compliant

EU logo

A staggering number of the UK's most popular websites are failing to comply with GDPR, according to a report.

A research team from ImmuniWeb selected the 100 most visited websites for each of the 28 European member states, finding that the majority were using non-compliant processes or insecure systems to host and manage user data.

In the UK, 86 of the top 100 websites failed surface-level tests to varying degrees. All 86 were found to be using insecure cookies to handle sensitive user information, while 17% of sites had either missing or hard to reach privacy policies.

However, all 100 of the most visited sites in the UK were using HTTPs and had up-to-date content management systems.

The stats reveal that sites operating across the rest of Europe are more likely to be compliant with GDPR. A study of popular sites in France found 83 of its top 100 were non-compliant, while in Germany this fell to 50. The reasons for this are noticeably different, however, as sites in France and Germany are far more likely (50% and 40% respectively) to have missing or hard to reach privacy policies.

Advertisement
Advertisement - Article continues below

"We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements amid European companies," said Ilia Kolochenko, CEO and founder of ImmuniWeb. "However, there is a long road before the majority of organisations value actual security above paper-based compliance thereby providing their users with the privacy and security they truly deserve.

For the EU as a whole, 51.5% had hard to understand privacy policies and 78.25% showed insecure cookie usage. These are relatively alarming statistic considering GDPR is now one-year-old and it's also an issue that some of the largest tech firms in the world have been accused off.

Last year, the Norwegian Consumer Council deemed the privacy-centric services for companies such as Facebook, Microsoft and Google was "unethical" for leading users to select settings that did not benefit their privacy.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019