FTSE 30 Companies Risk Violating Key GDPR Principle, According to New RiskIQ Research


LONDON – June 1, 2017 – With one year remaining until the EU General Data Protection Regulation (GDPR) begins to apply, new research by RiskIQ reveals that more than one-third of the public web pages of FTSE 30 companies that capture personally identifiable information (PII) risk violating the regulation by capturing it insecurely.

When assessing the public websites of FTSE 30 organisations, RiskIQ found that organisations need more controls over their external-facing web assets, known as an organisation’s digital footprint, to meet the regulation’s requirements before the fast-approaching GDPR deadline. Most data capture forms found on websites fall within the scope of GDPR because they collect personal data. The regulation emphasises that provisions should be in place to ensure that PII is captured and processed securely. In the UK, the Information Commissioner has issued guidance that, where personal data is lost and encryption has not been used to protect it, regulatory action may be pursued. [1]

RiskIQ research on the public facing websites of FTSE 30 organisations reveals:

  • 99,467 live websites in total, an average of 3,315 websites per organisation
  • 13,194 pages on those sites that collect PII; an average of 440 pages per organisation
  • 34% of pages that collect PII are doing so insecurely
    • 29% are not using encryption (the page or its form is served over plain HTTP)
    • 3.5% are using obsolete, known-vulnerable encryption algorithms
    • 1.5% have expired certificates
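The three failure modes above are what a form audit has to distinguish: data collected over plain HTTP, data collected over TLS that is obsolete, and data collected from a host whose certificate has expired. The script below is an added example (not RiskIQ’s tooling) of such a classifier: it extracts every form from a page, keeps those whose field names suggest personal data, resolves where the browser would actually submit, and assigns the page to one of those categories. The hostnames, HTML, TLS details and dates are constructed for illustration; the PII keyword list and the thresholds for "obsolete" are this example’s own assumptions, and `TlsInfo` stands in for what a real handshake to the target host would report.

```python
"""Classify PII-collecting pages by transport failure mode.

Added example, not RiskIQ's code. Sample pages, hosts, TLS details and
dates are constructed; PII hints and "obsolete" thresholds are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timezone
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field names/types that suggest personal data (assumed heuristic list).
PII_HINTS = ("email", "name", "phone", "tel", "address", "postcode",
             "dob", "birth", "passport", "password")
# Protocol versions and cipher tokens treated as obsolete (assumed threshold).
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
OBSOLETE_CIPHER_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXPORT")


@dataclass
class TlsInfo:
    """What a TLS handshake to the form's target host reported (constructed)."""
    protocol: str
    cipher: str
    not_after: datetime  # certificate expiry


@dataclass
class Form:
    action: str  # absolute URL the browser would submit to
    fields: list[str] = field(default_factory=list)


class FormExtractor(HTMLParser):
    """Collect every <form> together with the names/types of its fields."""

    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A relative or missing action resolves against the page URL.
            self._current = Form(urljoin(self.page_url, a.get("action") or ""))
        elif tag in ("input", "textarea", "select") and self._current is not None:
            self._current.fields.append((a.get("name") or a.get("type") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def collects_pii(form: Form) -> bool:
    return any(hint in f for f in form.fields for hint in PII_HINTS)


def classify_form(page_url: str, form: Form, tls_by_host: dict[str, TlsInfo],
                  now: datetime) -> list[str]:
    """Issues for one PII form: transport first, then TLS quality."""
    target = urlparse(form.action)
    # Either side on plain HTTP exposes the data: an HTTPS page whose form
    # posts to an HTTP action still sends the submission in clear.
    if urlparse(page_url).scheme != "https" or target.scheme != "https":
        return ["no-encryption"]
    tls = tls_by_host.get(target.hostname or "")
    if tls is None:
        return ["tls-unknown"]
    issues = []
    if tls.protocol in OBSOLETE_PROTOCOLS or any(
            tok in tls.cipher.upper() for tok in OBSOLETE_CIPHER_TOKENS):
        issues.append("obsolete-encryption")
    if tls.not_after <= now:
        issues.append("expired-certificate")
    return issues


def audit(pages, tls_by_host, now) -> dict[str, list[str]]:
    """Map each page that has a PII form to its (possibly empty) issue list."""
    results = {}
    for url, html in pages:
        ex = FormExtractor(url)
        ex.feed(html)
        pii_forms = [f for f in ex.forms if collects_pii(f)]
        if pii_forms:
            results[url] = sorted({i for f in pii_forms
                                   for i in classify_form(url, f, tls_by_host, now)})
    return results


def summarise(results) -> tuple[int, int]:
    """(pages collecting PII, pages collecting it insecurely)."""
    return len(results), sum(1 for v in results.values() if v)


# Constructed sample input: hosts, handshakes and pages are illustrative.
UTC = timezone.utc
NOW = datetime(2017, 6, 1, tzinfo=UTC)
TLS_BY_HOST = {
    "secure.example": TlsInfo("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", datetime(2018, 1, 1, tzinfo=UTC)),
    "legacy.example": TlsInfo("TLSv1", "RC4-SHA", datetime(2018, 1, 1, tzinfo=UTC)),
    "expired.example": TlsInfo("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384", datetime(2017, 3, 1, tzinfo=UTC)),
}
PAGES = [
    ("http://shop.example/contact", '<form action="/contact" method="post"><input name="name"><input name="email"></form>'),
    ("https://secure.example/signup", '<form method="post"><input name="fullname"><input name="email"><input type="password" name="password"></form>'),
    ("https://secure.example/promo", '<form action="http://tracker.example/lead"><input type="email" name="email"></form>'),
    ("https://legacy.example/apply", '<form action="/apply"><input name="dob"><input name="passport"></form>'),
    ("https://expired.example/login", '<form action="/login"><input name="email"><input type="password" name="password"></form>'),
    ("https://secure.example/", '<form action="/search"><input name="q"><input type="submit"></form>'),
]


def run_samples() -> dict[str, list[str]]:
    return audit(PAGES, TLS_BY_HOST, NOW)
```

Running `run_samples()` flags the plain-HTTP contact page, the HTTPS promo page that posts to an HTTP tracker, the TLSv1/RC4 host and the expired host, passes the signup form on the well-configured host, and ignores the search box because none of its fields look like personal data. In a real audit the `TlsInfo` for each target host would come from an actual handshake (for instance `ssl.SSLSocket.version()`, `.cipher()` and the `notAfter` field of `getpeercert()`), and the PII heuristic would need tuning for the organisation’s own form conventions.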

Insecure collection of PII is not just a GDPR compliance problem. The loss of personal data, and the loss of profit and reputation that follows from using insecure forms, is a legitimate concern for consumers as well as shareholders. Beyond liability for individual claims, Article 83 sets administrative fines for infringements of up to the greater of €10m or 2% of global annual turnover for the preceding financial year, and up to double that (€20m or 4%) for the more serious categories of infringement. The regulation applies to any organisation that offers goods or services to, or monitors the behaviour of, individuals in the EU, regardless of whether it has a physical presence there.

GDPR hygiene extends beyond secure collection. As part of the regulation’s fairness and transparency guidelines, organisations must clearly state at the point of capture how they’ll be using an individual’s data. Permission to use their data must be explicit and demonstrated through an action such as ticking a box, a significant departure from the ‘opt out’ process most organisations have in place today.

Bob Tarzey, analyst and director, Quocirca Ltd., said, “While this RiskIQ research is focused on large UK companies, the findings will be representative of all organisations. Many will already have the data security basics in place to comply with the regulations that precede GDPR. However, GDPR has many additional requirements, especially around the way data is captured and processed. These include obtaining explicit opt-in from data subjects. Before an organisation can address GDPR, it needs to fully understand the extent of its online data gathering activities. With enforcement of GDPR less than a year away, the time to act is now.”

The challenge for large, global organisations is the sheer volume and complexity of websites and web applications that need to be accounted for, not only for security purposes but also for regulatory compliance such as GDPR. RiskIQ’s Digital Footprint helps organisations address this challenge by discovering and monitoring an organisation’s public facing digital footprint, including websites and associated pages and forms. It highlights both security and policy violation exposures in that footprint to enable security and GRC teams to reduce their attack surface and maintain compliance.

“Thorough knowledge of an organisation’s web presence is crucial to steering clear of potential GDPR repercussions,” said Colin Verrall, vice president, RiskIQ EMEA. “Our customers are using RiskIQ Digital Footprint to capture their full digital footprint and actively identify potential areas of non-compliance, including insecure data collection pages and forms.”

[1] https://ico.org.uk/for-organisations/guide-to-data-protection/encryption/

To view the supporting infographic, click here: https://safe.riskiq.com/rs/455-NHF-420/images/RiskIQ_In_Poor_Form_GDPR_infographic.png. To find out more about the risks of using insecure forms, read our recent blog post. To learn more about the risks of old encryption algorithms, read this blog post.

Coming to Infosecurity Europe? You’ll find us on stand F177.


About RiskIQ
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com
