Skip to content

Missing GDPR Rights Reference in Privacy Policy

Missing GDPR Rights Reference in Privacy Policy

Description

The vulnerability exists in the privacy policy's failure to explicitly reference the rights granted to users in the EU under the General Data Protection Regulation (GDPR), potentially leaving users unaware of their rights and protections under the law.

Recommendation

To mitigate vulnerability, ensure that your privacy policy clearly outlines the rights of users under the GDPR, including the right to access, rectify, and erase personal data, as well as the right to data portability and the right to object to processing. Additionally, regularly review and update your privacy policy to ensure compliance with any changes to GDPR regulations.

Standards

  • OWASP_MASVS_L1:
  • OWASP_MASVS_L2:
  • OWASP_MASVS_RESILIENCE:
  • CWE_TOP_25:
  • GDPR:
    • ART_5
    • ART_6
    • ART_7
    • ART_9
    • ART_11
    • ART_13
    • ART_15
    • ART_16
    • ART_17
    • ART_32
  • CCPA:
    • CCPA_1798_100
    • CCPA_1798_105
    • CCPA_1798_110
    • CCPA_1798_115
    • CCPA_1798_120
    • CCPA_1798_125
    • CCPA_1798_130
    • CCPA_1798_135
    • CCPA_1798_140
    • CCPA_1798_150
  • PCI_STANDARDS:
  • OWASP_MASVS_v2_1:
    • MASVS_PRIVACY_1
    • MASVS_PRIVACY_2
    • MASVS_PRIVACY_3
    • MASVS_PRIVACY_4
  • OWASP_ASVS_L1:
  • OWASP_ASVS_L2:
  • OWASP_ASVS_L3:
  • SOC2_CONTROLS:
    • CC_2_3
    • CC_5_3