Exactly four years ago, the General Data Protection Regulation (GDPR) came into effect. As a result, all companies have had to implement a stricter data and privacy policy, including on their website. However, two thirds of Belgian companies still do not seem to comply with these rules on the Internet, reveals a survey by the online marketing agency Universem and the legal firm Lexing, which specializes in technology law.
Indeed, only 6% of sites are fully compliant with the standards imposed by the GDPR, explain the marketing agency and the law firm in a press release. They add that 28% of sites show satisfactory results. This means that 34% of companies comply with the majority of the rules and strive to put the protection of their users’ data at the top of their priorities.
GDPR measures apply to the use, processing and storage of personal data collected online, in particular through the famous « cookies », « the most common way to track the behavior of web users in order to send them targeted messages« . The installation and use of cookies is also subject to the law on online privacy, which is stricter in Belgium because the user must give explicit authorization beforehand.
This study further shows that 66% – or two-thirds of the companies analyzed – did not have sufficient controls and safeguards in place.
Cookie banners are not enough
Certainly, Internet users have surely noticed since 2018 a massive appearance of banners and pop-ups informing them that the site consulted uses cookies. But that doesn’t say it all. One banner is not enough to comply with the entire directive.
If 20% of these banners only warn the user that cookies will be installed if he continues his visit, only 8% of them offer the possibility of refusing or accepting all cookies with a single click. The survey reveals that the majority of banners (58%) offer a selection, sometimes very extensive, of the types of cookies authorized. The researchers also explain that in almost half of the cases, a cookie is already placed before the user has expressed his opinion, which goes against the spirit of the GDPR regulation.
« Beyond the vaguely boring anecdotal nature of cookie banners, all stakeholders must understand the importance of the data processing carried out from websites and the necessary transparency thereof.« , believes Alexandre Cassart of Lexing. « Failing this, the Data Protection Authority will take care of reminding it by hitting the companies in the portfolio.«
However, the results are encouraging: most of the companies surveyed are aware of the rules relating to the protection of user data and explicitly indicate this on their sites. 79% of companies have a privacy policy on their site and 63% have a cookie policy.
The risk of penalty is real
Make no mistake: the risks of sanctions are real in the event of non-compliance. Of a financial nature, they can amount to 4% of the worldwide turnover of the penalized group.
Moreover, beyond being targeted by an investigation, users themselves may be the source of complaints and therefore of court decisions concerning data protection and confidentiality (which have increased considerably in recent years). In effect, « over the past 4 years we have seen a dramatic increase in consumer interest in privacy« , explains Hubert de Cartier of Universem. « They want to know how their data is used by companies. Organizations cannot ignore this legitimate request, because it can harm them, in particular by fines, but also by a confidence which decreases, or even disappears completely.«
Universem and Lexing therefore advise their clients to « think about a long-term strategy with regard to data collection, marketing strategies and communication. A useful rule of thumb already applies to almost everyone: don’t collect data you don’t need.«
The study was carried out on 100 sites of large companies, based on the « Top 5000 » of the magazine Trends-Tendances. The selection was made on the basis of turnover and the presence of a .be site.
>> Read also:The collection of private data, a lucrative business… which could collapse in 2023?
#sites #protect #private #data
