After reading an interview (german content) of the EU-Commisioner for Justice, Consumers and Gender Equality Vra Jourov with the German newspaper Die Zeit in which she stated that the GDPR is so easy, even she could implement it, I got very curious and wanted to see how compliant the EUs websites are.
It took me less than five minutes to spot a violation: on the website of the EU Parliament Google Analytics is being used to track the visitors without the neccesary anonymizeIP flag, which in turn causes Google to store the complete IP address without anonymizing the last octet. You can take a look for yourself by checking the source code of this page (archived version in case it gets fixed in the meantime).
Source code snippet without the anonymizeIP flag
This is a violation of the GDPR, since the personal data (IP address) in conjunction with analytics data is being stored on Googles servers without consent or any other legal basis. Seems like the EU is not quite ready for May 25th, yet;-)
You can find more information about anonymizeIP here. Heres a list courtesy of the EU comission of what is considered personal data. In regards to GDPR impelementation, ICOs Guide to the General Data Protection Regulation is a great resource.
Reach out to me via twitter (@cerebuild) or e-mail at email@example.com. You can find the legal notice required by German law on most websites here.