A Year Later, Many Sites Are Still Failing To Meet Basic GDPR Requirements
Saturday, June 1, 2019
Other issues are less prevalent but still expose sites to data breaches and other exploits. Researchers found that nearly seven percent of all sites tested are using outdated or vulnerable content management systems (CMS), which a malicious actor could leverage to gain access to sensitive information. Another six percent of websites failed to use HTTPS encryption, an essential requirement that secures the connection between a user and a website. If a site does not use HTTPS encryption, there is no guarantee that information shared with the site won't be intercepted by an attacker.
"We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements amid European companies," Ilia Kolochenko, CEO and Founder of ImmuniWeb, said in a statement. "However, there is a long road before the majority of organizations start valuing actual security above paper-based compliance thereby providing users with the privacy and security they truly deserve."
Although some organizations are falling short of the standards set by GDPR, the regulations largely appear to be working. The European Commission's Justice and Consumers department revealed there have been 89,271 reported data breaches since the rules went into effect. (Organizations are required to disclose any data breach within 72 hours of discovery or face fines under GDPR.) There have also been a reported €56 million (about $63 million) in fines issued in that time.