CHECK YOUR PRIVACY FRIENDLY RATING

Order your report now!

Create a privacy-friendly web site and contribute to creating a safer internet for both your business and society.

Order full report now!

Make sure your web site protects visitors’ personal data and rights guaranteed by the EU.

If your PRIVACY FRIENDLY score is below 100, there’s room for improvement.

Buy the report with instructions for improving your site, make the changes, have it reassessed and get a new listing at privacyfriendly.eu.

Reassessment and new listing included in price.

Free reports for public sector!

Based on the potential impact a site could have on a visitor, Ostendo Consulting has selected and analysed more than 1.000 web sites and prepared custom recommendations for improvement.

To encourage better personal data protection in critical public sectors, for all:

  • public schools and
  • public health institutions

already included in the research, reports and instructions for improvement are available for free!

Find out if your public school or health institution is among them and get a free report. Otherwise, order a report with a 75% discount.

Reassessment and new listing included.

75% discount for unaware!

If your web site is listed among those with a PRIVACY FRIENDLY score below 50, it could be dangerous for both your visitors and you.

Find out what your score is! To encourage building a secure digital society, we approve a 75% discount for all web sites with a PRIVACY FRIENDLY score below 50.

Get the report, improve your site, have it reassessed and get a new listing.

Reassessment and new listing included in price.

Interpreting Privacy Friendly score

Understand the risk of using privacy unfriendly web sites

PRIVACY FRIENDLY score

If the PF score is less than 100, it is bad! If it is less than 50, this is dangerous! The PF score evaluates a web site’s fulfilment of the most basic privacy requirements, which in fact means that even sites with the maximum score could still be violating the human right to personal data protection.

To help you better understand the risk of using a web site, communication privacy and lawful processing scores are also provided. While the PF score indicates the size of the problems, these numbers indicate their sources.

Communication privacy score

A low communication privacy score indicates an increased risk of personal data being misused by a third party which is most probably unknown to the visitor. Not always, but in most cases, a low communication privacy score is caused by inadequate technical controls.

Lawful processing score

A low lawful processing score indicates an increased risk of personal data being misused by the site owner, or potential problems in fulfilling visitors’ requests with regard to personal data protection. It is caused by a lack of transparency about data collection and processing, resulting from missing or unclear information.

FAQ

Find more about PRIVACY FRIENDLY project.

A web site can achieve a maximum PRIVACY FRIENDLY score of 100. To achieve such a score, the web site has to fulfil visitors’ data protection rights guaranteed by EU regulation, by complying with essential security and legal requirements.

The score is calculated using the proprietary SPFAM (Simplified Privacy Friendliness Assessment Methodology), which is based on 16 key legal and cyber security risk indicators (KRA) that combined provide a score in a range from 0 to 100.

The PRIVACY FRIENDLY score is calculated from the input provided by qualified cyber security and legal analysts using the SPFAM methodology developed by Ostendo Consulting, a company specialised in cyber security and compliance risk management in information systems.

To ensure reliable results, the methodology requires each web site to be analysed by at least two qualified analysts, one specialised in legal compliance and the other in cyber security assessment. The methodology introduces control and corrective factors to ensure minimal error and provide in-depth transparency.

The methodology also takes into account the potential impact that data processing conducted by the web site could have on a visitor; hence, sites processing sensitive data need to perform better to achieve the same score.

It means the site has implemented essential elements of transparency and cyber security to protect personal data, not that the site is 100% secure. It’s important to understand that the PRIVACY FRIENDLY score is about the web site only, not about the organisation overall. Organisations can still provide false information and use the visitors’ data they collect in unlawful ways. However, the web site is a reflection of the general approach to personal data. A responsible approach to personal data processed by the web site in general extends to other data processing activities within the company.

The PRIVACY FRIENDLY score is undeniably one of the most objective indicators of a web site’s privacy friendliness. This is achieved through the integration of the SPFAM methodology, based on clear, demonstrable requirements ensuring testing repeatability, and financial independence, as web sites for analysis are selected based on the risk assessment and the cost of assessment is covered by Ostendo Consulting. Web site owners ordering the assessment directly pay upfront, so financial dependence won’t impact the result.

A web site can achieve a maximum PRIVACY FRIENDLY score of 100. To achieve such a score, the web site has to fulfil visitors’ data protection rights by complying with essential security and legal requirements.

If the PRIVACY FRIENDLY score is below 100, the LAWFUL PROCESSING and COMMUNICATION PRIVACY scores provide additional information about the domains in which the web site fails.

If the COMMUNICATION PRIVACY score is less than 100, it means either that communication between the web site and the visitor can easily be intercepted, or that the web site shares visitors’ personal information with other organisations without being transparent on that matter.

If the LAWFUL PROCESSING score is less than 100, it means visitors could have problems exercising their rights, as the web site isn’t transparent enough about what these rights are or how to exercise them.

Very low scores can be a result of combined non-compliances and the potential impact that personal data processing can have on a visitor.

Web sites for analysis are selected based on risk assessment.

If you’d like us to include your site, don’t hesitate to contact us. You can order a site analysis. You will get a full report and the results will be listed at https://privacyfriendly.eu. If you achieve a PRIVACY FRIENDLY score of 100, you are allowed to publish the PRIVACY FRIENDLY logo and a link to your results.

Congratulations! 

Each web site with a PRIVACY FRIENDLY score of 100 is encouraged to add a logo and a link to the privacy friendly results page showing the score. It is also encouraged to publish a press release about this great achievement, clearly showing the responsible approach of the web site owner to protecting the personal data of its clients.

Please find high resolution logos and instructions here

The most efficient way of dealing with a low PRIVACY FRIENDLY score is buying the full analysis report with recommendations for improvement.

The people behind the PRIVACY FRIENDLY project are Ostendo Consulting’s information security and privacy professionals. These are the same people responsible for initiating, supporting and executing numerous initiatives for improving security in digital society.

Some are listed by SC Magazine UK among the 50 most influential women in Europe in cybersecurity and the 50 most influential women in IT in Croatia. Among numerous public-facing projects, Ostendo Consulting is the creator of the OCPP certification and GDPR Novosti – a Croatian web portal for privacy professionals – as well as the initiator of UZOP – Association for personal data protection – and the main organiser of the cyber security and privacy awareness program ZOP 2019, involving more than 100 professionals and 500 children.

Since its establishment in 2011, Ostendo Consulting has helped more than 100 clients in personal data protection projects across the US and Europe and educated more than 1.000 privacy professionals.

Information and services provided by a web site with a low PRIVACY FRIENDLY score should be used with caution or even avoided.

You can get a better understanding of the score by looking at the COMMUNICATION PRIVACY (CPS) and LAWFUL PROCESSING (LPS) scores.

In general, a low CPS is more dangerous. A web site with a CPS below 50 can easily be impersonated and its communication eavesdropped on, meaning you should avoid visiting such a site or, if you do visit it, not use your credit card or provide any sensitive information.

If the CPS is between 50 and 100, this could be because the web site does not provide full disclosure about who, besides the site owner, collects your data there.

A low LPS means that you could have difficulties in exercising your rights guaranteed by the GDPR.

Secure your clients - secure your business!

Running a web site comes with responsibility. Even those web sites which collect no information of any kind exchange, behind the scenes, a surprisingly large amount of personal data which can be stolen and misused.

A web server can’t show a page without collecting information about the visitor’s IP address, type of browser, screen resolution, etc. This information can be used for device identification, location and tracking.

Using a payment card can involve fraud protection mechanisms which create huge global databases based on card usage behaviour analysis. If visitors exchange data with a web server, they are entitled to expect privacy. However, very few web pages provide transparent information about exactly which data they collect from their visitors and their devices, and who this data is sent to.

A surprisingly large percentage of web servers today still do not use encryption to protect communication privacy, or use it in an insecure way.

The PRIVACY FRIENDLY score is designed as a methodology for verifying web site privacy friendliness, with the main goal of supporting web site owners in building better web pages, compliant with modern privacy and security regulations and standards.

Take responsibility and make sure your web page is PRIVACY FRIENDLY. Achieve a score of 100 and put the PRIVACY FRIENDLY logo on your web page!