A year later, many sites still do not meet the basic requirements of the GDPR



It has been a little over a year since the European Union implemented the General Data Protection Regulation (GDPR). Set up to establish digital privacy rules and give consumers more control over their data, the GDPR has been controversial because of the alleged burden it imposes on organizations to comply with regulations. A new study conducted by security testing company ImmuniWeb found that while companies have had ample time to update their sites and services, many still do not meet the basic requirements set by the GDPR.

ImmuniWeb tested the 100 most visited websites in 28 European Member States to determine how well they had managed to fully comply with the new EU privacy regulations. What it found is that many have not lived up to the code. In total, more than half of the sites tested (51%) had a privacy policy that was missing or difficult to find, despite the fact that GDPR requires sites to make the information easily accessible. This issue is particularly serious because it should be one of the easiest to solve. It simply requires making the company's policy regarding the retention and use of data easy to find. Assuming companies have a privacy policy, there should be few things that prevent them from making the information available.

Websites fared worst at complying with the rules for tracking cookies. GDPR requires companies to disclose whether their website uses cookies to track user information and activity, especially if they may sell or otherwise monetize this information. Companies must also use secure cookies to ensure that they properly handle potentially sensitive information. Nearly four out of five tested sites did not meet these thresholds, either by failing to specify that cookies were used on the site or by using unsecured cookies to collect information.

Other problems are less prevalent, but expose sites to potential problems, including data breaches and other exploits. The researchers found that nearly 7% of the sites tested used outdated or vulnerable content management systems (CMS), which could be exploited by a malicious actor to access sensitive information. Six percent of websites did not use HTTPS encryption, which is essential to ensure the security of a user's connection to a website. If a site does not use HTTPS encryption, there is no guarantee that information shared with the site will not be intercepted by an attacker.

"We can see that commendable efforts are being made to improve web application security and meet GDPR requirements among European companies," said Ilia Kolochenko, CEO and founder of ImmuniWeb. "However, there is still a long way to go before the majority of companies begin to value real security beyond paper compliance, giving users the privacy and security they really deserve."

Although some organizations do not meet the standards set by the GDPR, the regulation seems to be largely working. The European Commission's Justice and Consumers department revealed that 89,271 data breaches have been reported since the rules entered into force. (Organizations are required to disclose any data breach within 72 hours of its discovery or face fines under the GDPR.) Fines totaling 56 million euros (approximately $63 million) were also imposed during this period.
