86% of UK's most-visited websites failing GDPR compliance tests


As many as 86 percent of the top hundred most-visited websites in the United Kingdom are not compliant with GDPR requirements, be it in terms of offering privacy policies or secure usage of cookies handling potentially sensitive data, tests carried out by ImmuniWeb have revealed.
In 2017, GCHQ's National Cyber Security Centre launched a comprehensive Web Check service to scan websites owned by UK public sector organisations for existing and emerging vulnerabilities and to help such organisations fix such flaws before they could be exploited.
Less than a year after Web Check was introduced, NCSC had performed 1,033,250 individual scans running 7,181,464 individual tests, scanned 7,791 unique URLs across 6,910 unique domains and produced 4,108 advisories for customers.
These advisories included 2,178 issues relating to certificate management, 1 relating to HTTP implementation, 184 relating to out-of-date content management systems, 1,629 relating to TLS implementation, 76 relating to out-of-date server software and 40 relating to other issues.
Even though the government introduced GDPR in May last year in the form of a new Data Protection Act, GDPR compliance remains an issue, with a large number of small, medium and large organisations struggling to shape their data protection policies to comply with the new regulation. The situation seems to be much worse when it comes to website security, especially for sites that are visited by hundreds of thousands, perhaps millions, of Internet users every day.
A series of non-intrusive checks carried out by ImmuniWeb on the top hundred most-visited websites in the UK has revealed that as many as 86 percent of such websites are not completely GDPR compliant, with a large number of those failing to offer easily accessible privacy policies.
Checks carried out by ImmuniWeb revealed that while 17 percent of the hundred most-visited websites in the UK did not have privacy policies or had policies that were hard to access, every single one of them failed when it came to secure usage of cookies handling potentially sensitive data.

Copyright Lyonsdown Limited 2020
