web search

GDPR compliance low across European websites

Image: Stockfresh

9 April 2018

Websites across Europe show a high level of variance in compliance with the upcoming General Data Protection Regulation (GDPR), according to research by vpnMentor.

The company said it ran a test of more than 2,000 web sites in the EU that will need to follow the new regulations and found that as little as 34% are currently compliant. Most of the web sites checked, the company reports, either had old privacy policies, or in some cases no privacy policy at all, and “are in no way ready for the stricter privacy guidelines that take effect next month”.

The highest levels of compliance were for web sites in Germany (67%), Austria (59%) and Italy (51%). Ireland came in tenth at 38%, with the UK on 31%.

The methodology used by vpnMentor was to target web sites using the popular email marketing platform service, MailChimp. It said any website that uses MailChimp, or a similar service, to collect e-mails will have to store this data, and therefore requires a privacy policy that meets GDPR rules.

“We collected up to 100 websites in each country that use MailChimp,” said vpnMentor. “In some cases, we couldn’t find 100 and used what we could, and the results were pretty surprising.”

The report says that while some countries seem to be more prepared for the 25 May deadline with a compliance rate of more than two thirds (67%) in Germany, others such as Portugal are ill-prepared, with only 17% of the websites checked having a complete GDPR-compliant privacy policy.

The report also looked at compliance with the EU Cookie Law, and found that there was “no correlation between the sites that use the cookie-pops and the sites that are GDPR compliant”. Germany was at the bottom of the cookie-pop ups test with just 16% of websites employing this privacy feature.

“Our hypothesis was that there would be some kind of correlation in the data between these two studies,” said vpnMentor. “Had Web owners [sic] just used a third party code and inserted it into their website, we’d understand that both GDPR and cookie-pops would be similar.”

Since there is little correlation between sites that have the cookie-pops and privacy policy, the report concludes, this shows that business owners are not just copying and pasting a code or text onto the site to comply with the regulation, rather they actually carefully look into it and make the necessary updates.

For some sites, the report argued, there may be a good reason for not having the cookie-pops enabled on their site, such as not employing cookies. Interestingly, in Slovenia, which had the highest percentage of cookie-pops enabled (64%), only 40% of the sites were GDPR compliant, meaning that at least 60% of the Slovenian sites may be in violation of the new regulation.

While privacy policies may not be the greatest indicator of overall GDPR compliance, it is nonetheless another indicator of compliance efforts across the region.

In January, the European Commission said that only Germany and Austria had passed all necessary legislation required to bring national laws into line with the regulations.

Ireland ranks tenth with a 38% compliance rate. (Image: vpnMentor)

TechCentral Reporters


Read More:

Comments are closed.

Back to Top ↑