We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Report: Only 34% of Websites in the EU are Ready for GDPR

Kristina Perunicic Managing Editor

It’s been nearly 2 years since the Council of the European Union, European Parliament and the European Union passed the privacy legislation known as the General Data Protection Regulation (GDPR).

Beginning on May 25th, 2018 any company that hasn’t updated their privacy policy during the two-year grace period will be in violation of the law and could face fines as much 4% of the company’s global revenue or €20 million, whichever is higher.

The updated privacy policy should be straightforward, informing users about the usage of their collected data. It needs to be succinct, clearly articulated, and disclose if the user data will be disseminated to a third party or utilized for promotional activities. The policy should also elaborate on the deployment of cookies and their function, as well as unambiguously define the rights of the person accessing the site.

vpnMentor ran a test of over 2,500 websites in the EU that will need to follow the new GDPR regulations and found that as little as 34% of websites are currently compliant. Most of the websites we checked either had old privacy policies, and in some cases no privacy policy at all, and are in no way ready for the stricter privacy guidelines that take effect next month. Those that fail to meet these new standards, will be subject to the fines mentioned above.

infographic on GDPR compliance

Our Methodology

We targeted websites that use the popular MailChimp service.

MailChimp is an E-mail marketing platform that collects users Email addresses in order to send out newsletters, company updates, and general marketing materials.

Any website that uses MailChimp or a similar service to collect emails will have to store this data and therefore need a privacy policy that fits in with the GDPR regulations.

We collected up to 100 websites in each country that use MailChimp. In some cases, we couldn’t find 100 and used what we could, and the results were pretty surprising.

While some countries like Germany seem to be more prepared for the May 25th deadline with a compliance of 67%, others such as Portugal are ill-prepared  only 17% of the websites we checked had a complete GDPR approved privacy policy.

Does the Data Correlate with Sites that are Compliant with the EU Cookie Law?

During the course of our research, we also investigated whether these sites were in compliance with the EU internet cookie regulations that were recently passed into law. The cookie pop-up notifications, or “cookie-pops,” require a pop-up window to appear on any site using cookies to collect information on the websites' users.

Once again, we were surprised as there seemed to be no correlation between the sites that use the cookie-pops and the sites that are GDPR compliant. Germany a country that topped our list on GDPR compliance  was at the bottom of the cookie-pops test with just 16% of website employing this privacy feature.

Our hypothesis was that there would be some kind of correlation in the data between these two studies. Had web owners just used a third party code and inserted it into their website, we’d understand that both GDPR and cookie-pops would be similar.

However, since there is little correlation between sites that have the cookie-pops and privacy policy, this shows that business owners are not just copying and pasting a code or text into the site to comply with the regulation, rather they actually carefully look into it and make the necessary updates (this is good news).

For some sites, there may be a good reason for not having the cookie-pops enabled on their site, such as they don’t collect cookies. Interestingly in Slovenia, which had the highest percentage of cookie-pops enabled 64%, only 40% of the sites were GDPR compliant, meaning that at least 60% of the Slovenian sites will be in violation of the new regulation.

If your website isn’t GDPR compliant yet, you can go here and copy/paste the GDPR policy into your website to avoid any legal issue you may otherwise encounter.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Kristina Perunicic is a former editor for vpnMentor. She’s a cybersecurity expert with an interest in VPNs and their importance in the digital privacy landscape.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback