One in three companies in the top 55 most visited websites in Belgium do not take any precautions with user data.
This is the conclusion in a survey conducted by the University of Hasselt (UHasselt), which was reported by Het Belang van Limburg on Saturday.
Under the General Data Protection Regulation (GDPR), companies must provide all the information they have collected about a user if he or she requests it.
Two researchers from Hasselt University pretended to be each other and tried to obtain their colleague’s data. No fewer than 15 of the 55 companies tested were easily fooled.
“We are talking about 15 companies from which it is easy to steal data,” says researcher Mariano Di Martino.
In some cases, the information may be sensitive. “It’s not just bank account numbers and financial transactions, but also data on parking or places visited. This is sensitive information, especially if it falls into the wrong hands,” warns Di Martino.
These “vulnerable” companies were subsequently informed of the experiment.