GDPR Privacy Policy Fail: Only 34% of EU Sites Compliant

GDPR Privacy Policy Fail: Only 34% of EU Sites Compliant

Just a third of websites in the EU and even fewer in the UK have their privacy policy in order ahead of major new legislation set to land next month.

The European General Data Protection Regulation (GDPR) represents the biggest change to the EU’s privacy laws in almost a generation.

However, despite it being ratified two years ago, there appear to be major compliance problems ahead of the May 25 deadline.

Privacy site vpnMentor analyzed 100 websites in each EU member state using the popular MailChimp email marketing service. Any firm using this platform would have to comply with the GDPR’s strict new rules governing privacy policies, it said.

From the end of May, organizations will be required to be much more open and honest with users about how their data is collected and what it is used for, and the new policy must reflect this in clear English.

“The new privacy policy must be transparent and tell the users what will happen with the data that is collected,” said vpnMentor. “It should be concise and written clearly, let the user know whether their data will be shared with a third party or used for marketing purposes, explain the use of cookies and their purpose, and clearly state the rights of the individual visiting the site.”

Unfortunately, just 34% of websites across the EU are compliant at present, with the figure falling to 31% in the UK.

“Most of the websites we checked either had old privacy policies, and in some cases no privacy policy at all, and are in no way ready for the stricter privacy guidelines that take effect next month,” the firm added.

Germany (67%), Austria (59%), Italy (51%), Cyprus (50%) and Malta (50%) topped the list of most compliant websites.

UK government research from earlier this year claimed that just 38% of businesses had even heard of the new regulation.

Fines of up to £17m, or 4% of global annual turnover, could realistically be levied by regulators for serious infractions, although the information commissioner has said that such fines won’t be the norm, and it won’t be looking to punish early on.

Source: Information Security Magazine