May 25th GDPR deadline passed but 82% of businesses appear to be non-compliant.
42% of this sample, did not have an opt-in box on their web contact form – and 18% had avoided having a web contact form altogether.
22% had omitted to have the required Privacy Notice.
Data subject rights
48% did not include any Data Subject Rights in their Privacy Notice. A significant proportion of those that did include Data Subject Rights had not been rigorous in their description of these.
70% omitted a cookie statement.
Cookie preference pop-up
70% did not provide specific details of the cookies being deployed nor did they use a pop-up so that users could express preferences before browsing the website in question.
Incorvus has contacted the organisations that were surveyed, to bring these potential vulnerabilities to their attention. The above results were not surprising, given that many organisations still do not understand their GDPR obligations, or how to implement them. What was surprising and disappointing was the lack of response (only 2% to date) to what ought to be uppermost in the minds of responsible organisations concerned with their own risk management, user data protection and regulatory compliance.
The above analysis relates to the week ending 31/5/2018.