86% of UK’s most-visited websites failing GDPR compliance tests
As many as 86 percent of the top hundred most-visited websites in the United Kingdom are not compliant with GDPR requirements, be it in terms of offering privacy policies or secure usage of cookies handling potentially sensitive data, tests carried out by ImmuniWeb have revealed.
In 2017, GCHQ’s National Cyber Security Centre launched a comprehensive Web Check service to scan websites owned by UK public sector organisations for existing and emerging vulnerabilities and to help such organisations fix such flaws before they could be exploited.
In less than a year after Web Check was introduced, NCSC succeeded in performing 1,033,250 individual scans running 7,181,464 individual tests, scanned 7,791 unique URLs across 6,910 unique domains and produced 4,108 advisories for customers.
These advisories included 2,178 issues relating to certificate management, 1 relating to HTTP implementation, 184 relating to out-of-date content management systems, 1,629 relating to TLS implementation, 76 relating to out-of-date server software and 40 relating to other issues.
Even though the government introduced GDPR in May last year in the form of a new Data Protection Act, GDPR compliance remains an issue with a large number of small, medium and large organisations struggling to curate their data protection policies to seamlessly comply with the new regulation. The situation seems to be much worse when it comes to website security, especially for sites that are visited by hundreds of thousands, perhaps millions of Internet users every day.
A series of non-intrusive checks carried out by ImmuniWeb of the top hundred most-visited websites in the UK has revealed that as many as 86 percent of such websites are not completely GDPR compliant with a large number of those failing to comply in terms of offering easily-accessible privacy policies.
Checks carried out by ImmuniWeb revealed that while 17 percent of the hundred most-visited websites in the UK did not have privacy policies or had policies that were hard to access, every single one of them failed when it came to secure usage of cookies handling potentially sensitive data.
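The article does not say which criteria ImmuniWeb applied to the cookie check. The script below is an added example, not ImmuniWeb's test or anything from the original report: it audits `Set-Cookie` headers for the three attributes a defender would expect on a cookie that may carry session or tracking data (`Secure`, `HttpOnly`, `SameSite`), and flags the `SameSite=None` without `Secure` combination that browsers reject. The headers it runs over are constructed sample values, not captured from any real site.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

Attrs = Dict[str, Union[str, bool]]


@dataclass
class CookieFinding:
    """One cookie together with the hardening attributes it lacks."""
    name: str
    missing: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> Optional[Tuple[str, str, Attrs]]:
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes without a value
    (Secure, HttpOnly) are stored as True. Returns None if the header
    has no name=value pair at all.
    """
    parts = [p.strip() for p in header.split(";")]
    if not parts or "=" not in parts[0]:
        return None
    name, value = parts[0].split("=", 1)
    attrs: Attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True
    return name.strip(), value, attrs


def audit_cookie(header: str, over_https: bool = True) -> CookieFinding:
    """Report which protective attributes a single Set-Cookie header lacks."""
    parsed = parse_set_cookie(header)
    if parsed is None:
        return CookieFinding("<unparseable>", ["malformed Set-Cookie header"])
    name, _value, attrs = parsed
    missing: List[str] = []
    if over_https and "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        # absent, or present with no value (invalid)
        missing.append("SameSite")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        missing.append("SameSite=None requires Secure")
    return CookieFinding(name, missing)


def audit_response_headers(headers: List[Tuple[str, str]]) -> List[CookieFinding]:
    """Audit every Set-Cookie header in a response; return only non-compliant cookies."""
    findings = []
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        finding = audit_cookie(hvalue)
        if finding.missing:
            findings.append(finding)
    return findings


# Constructed sample response headers (not from any real site).
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "tracking=xyz; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
    ("Set-Cookie", "csrftoken=tok; Path=/; Secure; SameSite=Strict"),
    ("Set-Cookie", "pref=dark; SameSite=None"),
]


if __name__ == "__main__":
    for f in audit_response_headers(SAMPLE_HEADERS):
        print(f"{f.name}: missing {', '.join(f.missing)}")
```

Running the block prints one line per cookie that fails the check; the fully-attributed `sessionid` cookie is silent. To use it against a live response, pass the `(name, value)` pairs of the client's raw headers rather than a dict, since a dict would collapse multiple `Set-Cookie` headers into one.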